Yes we all know that SSLv2 is to be avoided, but you should also consider disabling SSLv3! Wha? Crazy I know. Here is some info.
The replacement for SSLv3 was TLS 1.0. We now have TLS 1.0, 1.1, and 1.2. In fact, no modern browsers or mobile devices need SSLv3 – not even IE 8 on Windows XP!
For best security, disable both SSLv2 and SSLv3 and only use TLS 1.0 and higher.
In Apache, current docs say to specify the following:
SSLProtocol All -SSLv2 -SSLv3