Why is anyone still configured for SSLv2 anyway? Yes, the openssl bug (CVE-2015-3197) that allowed SSLv2 to be used even when disabled means there's still an issue to be patched, but that's not the question.
We know SSLv2 is insecure. It's been on the bad-boy list for many years. So why do people still have it configured?