Code:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
However, be aware of the following oddity:
Code:
IE Mobile 11 / Win Phone 8.1 Protocol or cipher suite mismatch Fail
To make it more secure still, you could add :!RC4 to the end, as per the Qualys blog post, but I find this stops most things from working, so I'm not sure what that's all about. You could also try adding :+RC4:RC4 to enable it as a last-resort thing, which seems like a reasonable compromise.
Anyway, see https://community.qualys.com/blogs/secu ... rd-secrecy to decide for yourself.
Note that the syntax being used on that page is slightly different to the one I use, i.e. the cipher suite is in quotes with spaces as delimiters, as opposed to using no quotes and using : as a delimiter.
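
An added example, not part of the original post: a Python script that expands the post's cipher string with the local OpenSSL build (through the standard ssl module) and lists which enabled suites use RC4 or lack an ephemeral ECDHE/DHE key exchange, with and without the :!RC4 suffix. The function names are made up for this example, and the output depends on the OpenSSL build; many current builds are compiled without RC4, so both lists can come back empty.

```python
import ssl

# Cipher string copied from the SSLCipherSuite line in the post.
POST_CIPHERS = (
    "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:"
    "EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:"
    "EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:"
    "!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
)


def expand(cipher_string):
    """Return the suites OpenSSL enables for this string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are not controlled by this string, so leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Split the enabled suites into the groups the post is concerned with."""
    names = expand(cipher_string)
    return {
        "suites": names,
        # Suites using the RC4 stream cipher.
        "rc4": [n for n in names if "RC4" in n],
        # Suites whose key exchange is not ephemeral (no ECDHE-/DHE- prefix),
        # for example the plain RSA suite RC4-SHA pulled in by the bare RC4 token.
        "no_ephemeral_kx": [
            n for n in names if not n.startswith(("ECDHE-", "DHE-"))
        ],
    }


if __name__ == "__main__":
    for label, cipher_string in (
        ("as posted", POST_CIPHERS),
        ("with :!RC4 appended", POST_CIPHERS + ":!RC4"),
    ):
        report = audit(cipher_string)
        print(f"{label}: {len(report['suites'])} suites enabled")
        print("  RC4 suites:", report["rc4"] or "none")
        print("  non-ephemeral key exchange:", report["no_ephemeral_kx"] or "none")
```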