"Disabling SSL 3.0 support … presents significant compatibility problems"
"Therefore our recommended response is to support TLS_FALLBACK_SCSV."
I've seen a few commenters here on HN that point out that pretty much everything since Windows XP (ignoring IE6) supports at least 1.0 of the TLS protocols. While that may be correct in theory, in practice it's not.
At a 1MM+ visitors/week site we still see a few percent of our users that regularly connect using SSLv3 across different versions of Windows, including more modern ones such as Windows Vista, 7 and 8(!)
Though I'm not sure why this is the case, antivirus software suites such as McAfee have in the past been known to disable TLS 1.0 system wide in Windows.
"[...] Also, handshake errors due to network glitches could similarly be misinterpreted as interaction with a legacy server and result in a protocol downgrade."
Perhaps that's what you're seeing.
so we're talking 2% of 1% that are dead in the water.
"For clients, a quick look at https://www.ssllabs.com/ssltest/clients.html shows that even older clients (Android 2.3, Java 6, the oldest supported version of IE, etc) support TLS 1.0, so there should be no issues disabling SSLv3 on servers too."
But IE8 is readily available on XP so who would use IE6