I'm pleased to report that simply updating CPanel has removed SSLv3 ciphers from many of the services that previously offered them (465, 2083, 2087, etc). I had already disabled them in Apache when I saw that a CPanel update was forthcoming, but you can see from the linked nmap output that most services no longer support SSLv3. It looks like my Courier config is the only thing that will require a manual tweak.. (And yes, I also should disable the weak ciphers...)
/https://gist.github.com/anonymous/721e2c973aa5c073c0ff