...

Software you install will sometimes turn on services for you. Other times it will try to communicate with the outside world without being programmed to use a specific protocol. We have had several cases where old software talks to the outside world, does not know which security protocol to use, and picks the first one on the available list, even if that protocol is normally unused because it is old and broken. Example: the Ubuntu user manual using the broken TLSv1.0 when it could be using the far more secure TLSv1.2. The below is adapted from https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability
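The failure mode above can be checked from the client side. The following is an added example, not part of the original page or of the tutorial it cites: it lists which protocol versions a Python `ssl.SSLContext` configuration still leaves open and sets an explicit floor. The helper names (`permitted`, `legacy_allowed`, `harden`, `new_client_context`) and the choice of TLSv1.2 as the floor are assumptions of this example.

```python
import ssl

V = ssl.TLSVersion
ORDER = [V.SSLv3, V.TLSv1, V.TLSv1_1, V.TLSv1_2, V.TLSv1_3]  # oldest to newest
FLOOR = V.TLSv1_2  # assumption of this example: nothing older is acceptable
# Per-version "off" switches that can also be set in SSLContext.options.
NO_FLAG = {V.SSLv3: ssl.OP_NO_SSLv3, V.TLSv1: ssl.OP_NO_TLSv1,
           V.TLSv1_1: ssl.OP_NO_TLSv1_1, V.TLSv1_2: ssl.OP_NO_TLSv1_2,
           V.TLSv1_3: ssl.OP_NO_TLSv1_3}


def permitted(lo, hi, options=0):
    """Versions left enabled by a min/max bound and OP_NO_* options, oldest first.

    This is what the configuration allows; the OpenSSL build or system policy
    may remove more.
    """
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED mean the application set no bound.
    lo_i = 0 if lo == V.MINIMUM_SUPPORTED else ORDER.index(lo)
    hi_i = len(ORDER) - 1 if hi == V.MAXIMUM_SUPPORTED else ORDER.index(hi)
    return [v for v in ORDER[lo_i:hi_i + 1] if not options & NO_FLAG[v]]


def legacy_allowed(ctx):
    """Names of the versions below FLOOR that this context could still negotiate."""
    live = permitted(ctx.minimum_version, ctx.maximum_version, ctx.options)
    return [v.name for v in live if v < FLOOR]


def harden(ctx):
    """Set an explicit floor so an old version is never picked by default."""
    ctx.minimum_version = FLOOR
    return ctx


def new_client_context():
    """Client context with whatever protocol bounds the local defaults give."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


if __name__ == "__main__":
    ctx = new_client_context()
    print("before:", legacy_allowed(ctx) or "no legacy versions")
    print("after: ", legacy_allowed(harden(ctx)) or "no legacy versions")
```

The "before" line depends on the local Python and OpenSSL defaults, so run it on the host whose software is being checked.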

...