More info on this:
All modern browsers support TLSv1 at a minimum, and most also support TLSv1.1 and TLSv1.2.
We recommend disabling SSLv3 support in the browser.
As long as one side of the connection refuses to support SSLv3, the attack will be unsuccessful.
If you have a controller, executing the following command from the controller CLI will enable only TLSv1:
(config) #web-server ssl-protocol tlsv1
For our official response, see here:
http://www.arubanetworks.com/support/alerts/aid-10142014.txt