My preferred Apache directives are:
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!NULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
P.S.: The default Apache2 SSL configuration in Debian Squeeze results in the exact same allowed cipher set:
SSLCipherSuite HIGH:MEDIUM:!ADH
I guess it relies on some defaults in mod_ssl which might differ in older Apache versions. So no problem if you're a bit overcautious and disable weak ciphers explicitly.
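Whether the two strings really select the same set depends on the OpenSSL build behind mod_ssl, so it is worth checking on the machine in question. The following is an added example, not part of the original post: it expands both strings from the post with Python's `ssl` module (which uses the local OpenSSL) and reports the differences; the helper names and the 112-bit threshold are assumptions of this example.

```python
import ssl

# Cipher strings quoted from the post.
PREFERRED = "ALL:!aNULL:!ADH:!eNULL:!NULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
DEBIAN_DEFAULT = "HIGH:MEDIUM:!ADH"


def expand(cipher_string):
    """Suites the local OpenSSL enables for cipher_string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    # Python always lists TLS 1.3 suites; this string does not select them,
    # so they are left out of the comparison.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def unwanted(suites, min_bits=112):
    """Names of suites that are anonymous, unencrypted or below min_bits.

    min_bits=112 is an assumption of this example, chosen so that the
    LOW and EXP classes (40 to 64 bit keys) are flagged.
    """
    bad = []
    for c in suites:
        desc = c["description"]  # e.g. "... Au=RSA Enc=AESGCM(256) Mac=AEAD"
        if "Au=None" in desc or "Enc=None" in desc or c["strength_bits"] < min_bits:
            bad.append(c["name"])
    return bad


def compare(a, b):
    """Return (names only in a, names only in b) for two cipher strings."""
    names_a = {c["name"] for c in expand(a)}
    names_b = {c["name"] for c in expand(b)}
    return sorted(names_a - names_b), sorted(names_b - names_a)


if __name__ == "__main__":
    for label, s in (("preferred", PREFERRED), ("debian", DEBIAN_DEFAULT)):
        suites = expand(s)
        print(f"{label}: {len(suites)} suites, unwanted: {unwanted(suites)}")
    only_pref, only_deb = compare(PREFERRED, DEBIAN_DEFAULT)
    print("only in preferred:", only_pref)
    print("only in debian   :", only_deb)
```

The output reflects the OpenSSL that Python is linked against, which may not be the one Apache uses. `!ADH` does not cover anonymous elliptic-curve DH suites, so on builds that include them the shorter string can list suites that `!aNULL` removes.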
Comments
TLSv1 might not cut it either ...