Can someone tell banks and places like TP Online
With a bit of luck the lawyers will wake up to the problem of liability through negligence. By formally declaring SSLv3 dead and buried, and by refusing any connections from the grave there is no credible argument that anyone still relying on this code is doing anything at all for security.
This means that when problems appear it's not just consequential liability, it is also likely to attract regulatory fines as well. Personally, I think the way to fix this is to make banker bonuses payable to any victims - I reckon it would turn the City into a powerhouse of cybersecurity in, umm, a week, tops :)