It is time to switch your HTTPS preferred cipher from RC4_128 (Apache 2.2) | So what was once the preferred cipher to use, is now one to be avoided. Instead of an RC4 cipher, consider using an AES-GCM varient as your go to cipher. Google and Facebook have made the switch, and now the rest of the internet is following.
Configure nginx for PFS and ssllabs.com A Rating | Here is a quick configuration for nginx to achieve an ‘A’ score on ssllabs.com. This example is from Debian Wheezy using OpenSSL 1.0.1e and nginx 1.2.1 and also enables Perfect Forward Secrecy as added security against the NSA or other snooping!
How to Enable OCSP stapling in Apache | OCSP stapling requires Apache 2.3.3 or later. If you are running a stable Apache 2.4 branch, it is wise to take advantage of this security feature. Here is an example configuration that can be used: