Open /etc/apache2/apache2.conf in you favorite editor
- Disable ssl v2 and v3 by changing the line starting with sslprotocol to the one below
SSLProtocol ALL -SSLv2 -SSLv3
- add the following line to make sure the ciphers are used in best order
SSLHonorCipherOrder On
- Change the sslcipherSuite line to the one below and save the file afterwards
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- Restart apache2
service apache2 restart
- check the configuration on ssllabs