Cloud SWG

Cloud SWG, by default, does not use SSLv3. It only downgrades it when the website cannot handle TLS and ask Cloud SWG to make connection over SSLv3. There are websites which might still use SSLv3 and disabling SSLv3 globally can cause outage accessing those websites for few other Cloud SWG customers.  

Support engineer can help users by adding a policy to disable SSLv3 for specific Cloud SWG tenants. The user using that tenant will not be able make any connection over SSLv3 after that. However, it can cause service disruption for any websites using SSLv3. Admin must analyze the impact prior to change, if any. They can login to the portal and go to Account Configuration (the gears at the bottom) > Log Export >  Log Download > Fields included with Download (View/Edit) and add the following fields

x-cs-connection-negotiated-ssl-version
x-rs-connection-negotiated-ssl-version

And then download some logs for a few days and scan that column and see if anything shows up with SSL3 or SSLv3 in any of the columns. If they can't find anything in those columns, then it is PROBABLY OK to disable the SSLv3 policy.