Shame on the IETF for publishing such FUD.
SSLv3 is neither broken nor insecure. It actually provides *ALL* security guarantees described for TLSv1.2 in Appendix F of RFC 5246:

   Appendix F. Security Analysis

   The TLS protocol is designed to establish a secure connection between
   a client and a server communicating over an insecure channel. This
   document makes several traditional assumptions, including that
   attackers have substantial computational resources and cannot obtain
   secret information from sources outside the protocol. Attackers are
   assumed to have the ability to capture, modify, delete, replay, and
   otherwise tamper with messages sent over the communication channel.
   This appendix outlines how TLS has been designed to resist a variety

The real problem with SSLv3 is that what Web Browsers (and so-called SSL VPNs) are doing goes beyond the design limits of SSLv3 (and that of TLSv1.2, mind you), and in some of those areas _outside_the_official_TLS_design_limits_ explored by Web Browsers and SSL VPNs, TLSv1.2 avoids some of the problems of SSLv3.
For those who didn't know, TLSv1.2 has its own security goofs, where it falls behind SSLv3. One is the weak digitally-signed, which replaces a 272-bit hash in an RSA digital signature with a much weaker 160-bit hash (SHA-1), rather than carrying through what has been working just fine for more than a decade as the minimum digital signature security level.