SSLv3 POODLE mitigation recommendations
In our previous post, we discussed POODLE and legacy SSLv3 clients. The best solution to POODLE is to disable SSLv3. However, SSLv3 often can’t be disabled because legacy clients only speak SSLv3....
Published Oct 24, 2014
Version 1.0
Jeff_Costlow_10
Historic F5 Account
Joined January 26, 2005
AKB_184311
Jan 27, 2015
Nimbostratus
Hi. Guided by your article, I am using the following setting in my Nginx:
ssl_ciphers "AES128+EECDH:AES128+EDH:!aNULL:-RC4:-SSLv3:SSLv3+RC4-SHA";
SSLLabs testing shows that clients which don't support TLS, e.g. IE/WinXP, do use RC4 on SSLv3 to get connected, but even clients which don't use SSLv3 and use TLS 1.0 (not TLS 1.2), e.g. IE 8-10/Win 7, IE8/XP and all Android < 4.4, start using RC4. Without the "-RC4:-SSLv3:SSLv3+RC4-SHA" part in the above setting, they use stronger ciphers.
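The RC4 fallback reported in this comment can be reproduced with a small model of how OpenSSL evaluates a cipher list. This is an added example, not code from the article, the commenter or F5: the suite table is a constructed subset of OpenSSL's suites, and `expand` is a simplified approximation of the `openssl ciphers` syntax (only plain, `!` and `-` entries), enough to show why `-SSLv3` strips every suite a TLS 1.0 client could use before `SSLv3+RC4-SHA` re-adds RC4 alone.

```python
# Simplified model of how OpenSSL evaluates a cipher list (an approximation,
# not OpenSSL's real parser), sized to explain the ssl_ciphers string above.

# Constructed subset of OpenSSL suite names -> the keyword tags they match.
# "SSLv3" is OpenSSL's keyword for suites whose minimum protocol is SSLv3,
# which is every suite not restricted to TLS 1.2, so a TLS 1.0 or 1.1 client
# can only ever use "SSLv3" suites. "TLSv1.2" marks SHA256/GCM suites.
SUITES = {
    "ECDHE-RSA-AES128-GCM-SHA256": {"AES128", "EECDH", "aRSA", "TLSv1.2"},
    "ECDHE-RSA-AES128-SHA256":     {"AES128", "EECDH", "aRSA", "TLSv1.2"},
    "ECDHE-RSA-AES128-SHA":        {"AES128", "EECDH", "aRSA", "SSLv3"},
    "DHE-RSA-AES128-GCM-SHA256":   {"AES128", "EDH", "aRSA", "TLSv1.2"},
    "DHE-RSA-AES128-SHA":          {"AES128", "EDH", "aRSA", "SSLv3"},
    "AECDH-AES128-SHA":            {"AES128", "EECDH", "aNULL", "SSLv3"},
    "RC4-SHA":                     {"RC4", "aRSA", "SSLv3"},
}

def matches(name, spec):
    """'A+B' matches a suite carrying every tag; a suite name matches itself."""
    tags = SUITES[name] | {name}
    return all(tag in tags for tag in spec.split("+"))

def expand(cipher_list):
    """Evaluate ':'-separated entries left to right, as `openssl ciphers` does."""
    selected, killed = [], set()
    for entry in filter(None, cipher_list.split(":")):
        op, spec = (entry[0], entry[1:]) if entry[0] in "!-" else ("", entry)
        hits = [n for n in SUITES if matches(n, spec)]
        if op == "!":   # permanently removed; later entries cannot re-add it
            killed.update(hits)
        if op:          # '!' or '-': drop matches ('-' lets a later entry re-add)
            selected = [n for n in selected if n not in hits]
        else:           # plain entry: append new matches in table order
            selected += [n for n in hits if n not in selected and n not in killed]
    return selected

def usable_by(cipher_list, client_max_version):
    """Suites left for a client whose highest protocol is client_max_version."""
    return [n for n in expand(cipher_list)
            if client_max_version == "TLSv1.2" or "TLSv1.2" not in SUITES[n]]

THREAD_LIST = "AES128+EECDH:AES128+EDH:!aNULL:-RC4:-SSLv3:SSLv3+RC4-SHA"

if __name__ == "__main__":
    # -SSLv3 strips every non-TLS-1.2 suite, then SSLv3+RC4-SHA re-adds only
    # RC4-SHA, so a TLS 1.0 client is left with RC4 alone.
    print("TLS 1.0 client:", usable_by(THREAD_LIST, "TLSv1.0"))
    print("TLS 1.2 client:", usable_by(THREAD_LIST, "TLSv1.2"))
```

Dropping the `-RC4:-SSLv3:SSLv3+RC4-SHA` tail from the same list leaves the AES128-SHA suites for a TLS 1.0 client, which matches the "stronger ciphers" behaviour observed above.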