I'm trying to disable SSLv3 to avoid the Poodle problem. I'm using the following instructions as a guideline: https://access.redhat.com/solutions/1232413
I've applied the following line to my config file:
```
SSLProtocol All -SSLv2 -SSLv3
```
and restarted apache, but it looks like I'm still vulnerable. I'm using this tool to verify: https://access.redhat.com/labs/poodle/
I've also done a grep to make sure SSL is not active anywhere else, which it isn't.
I came across this post: https://unix.stackexchange.com/questions/162478/poodle-disabling-sslv3-in-apache . The accepted answer states that you have to put the above line in every vhost stanza. Is this true? I do have other vhosts on this server but they are required to be secure.
**EDIT: Adding sanitised config file for the site with SSL references.**
```
ServerAdmin webmaster@xxxxxx.xxx
DocumentRoot "/html/xxxxxx.xxxxxx.xxx"
ServerAlias xxxxxx.xxxxxx.xxx
ServerAlias xxxxxx.xxxxxx.xxx
ServerName xxxxxx.xxxxxx.xxx
ErrorLog logs/xxxxxx.xxxxxx.xxx-error_log
CustomLog logs/xxxxxx.xxxxxx.xxx-access_log common
ServerAdmin webmaster@xxxxxx.xxx
DocumentRoot "/html/xxxxxxxxxxx/xxxxxx"
ServerAlias xxxxxx.xxxxxx.xxx
ServerAlias xxxxxx.xxxxxx.xxx
ServerName xxxxxx.xxxxxx.xxx
ErrorLog logs/xxxxxx.xxxxxx.xxx-error_log
CustomLog logs/xxxxxx.xxxxxx.xxx-access_log common
SSLEngine on
SSLCertificateFile /path/to/cert/xxxxxx.xxxxxx.xxx.crt
SSLCertificateKeyFile /path/to/key/xxxxxx.xxxxxx.xxx.key
SSLCertificateChainFile /path/to/chain/xxxxxx.xxxxxx.xxx.ca
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
DirectoryIndex index.php index.htm index.html
Options -Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
AllowOverride All
Order allow,deny
Allow from all
```
My other vhost files are just standard configs for port 80, there's nothing special about them.
`sudo service httpd configtest` returns `Syntax OK`.
Asked by Stephen
(183 rep)
Oct 20, 2014, 01:33 PM
Last activity: Aug 14, 2016, 12:40 PM
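A check for what the linked answer asks for, as an added example that is not part of the original post: it lists each `<VirtualHost>` block that turns `SSLEngine` on and reports whether that block itself carries an `SSLProtocol` line that removes SSLv3. The sample configuration, its host names and the simplified `SSLProtocol` token model are assumptions of the example.

```python
import re
# Constructed sample configuration, not the asker's file.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName a.example.test
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example.test
    SSLEngine on
</VirtualHost>
<VirtualHost *:8443>
    ServerName c.example.test
    SSLEngine On
    SSLProtocol All -SSLv2
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(block, name):
    """Arguments of the last uncommented `name` line in block, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", block, re.I | re.M)
    return hits[-1] if hits else None

def sslv3_allowed(args):
    # Simplified model (assumption): read left to right; all, +X, bare X add; -X removes.
    on = False
    for tok in args.lower().split():
        if tok.lstrip("+") in ("all", "sslv3"):
            on = True
        elif tok in ("-all", "-sslv3"):
            on = False
    return on

def audit(conf):
    """Return (address, ServerName, status) for each vhost block with SSLEngine on."""
    report = []
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "off").lower() != "on":
            continue  # plain HTTP vhosts are not part of the check
        proto = directive(body, "SSLProtocol")
        status = ("no SSLProtocol in this block" if proto is None
                  else "SSLv3 allowed" if sslv3_allowed(proto) else "SSLv3 removed")
        report.append((addr.strip(), directive(body, "ServerName"), status))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To run it against a real server, pass the concatenated contents of `httpd.conf` and every included file to `audit()`; blocks reported as anything other than "SSLv3 removed" are the ones to review.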