Hi,
regarding wrong prefix. There seems to be a legacy reason mentioned here. This means that there does not seem to be a way to disable SSLv3 in ABAP AS. What happens if you allow SSL_RSA_WITH_3DES_EDE_CBC_SHA. It's a valid option for TLS v1.0 but does it enable SSLv3 as well?
Also that behavior seems to be wrong. Why should all combinations be enabled on server? A client and server need to agree on one particular suite. The behavior seems to be wrong and should be addressed by SAP.
I believe both issues should be addressed as security notes.
Cheers