Optimal secure SSL Cipher Configuration for Apache and Nginx

 

# apache SSLProtocol all -SSLv2 -SSLv3
# RC4 is broken and is not specified in the allowed ciphers, 3DES is used instead for legacy connections, still somewhat secure
SSLHonorCipherOrder on 
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
 
# nginx 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_ciphers "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES”;

REFERENCES

http://security.stackexchange.com/questions/51680/optimal-web-server-ssl-cipher-suite-configuration