Securing Apache against SSL attacks

Apache is one of the most secure pieces of software out there, but the SSL module is not very restrictively configured by default. Many of you know that SSLv3 is now considered insecure, and so are RC4 and other algorithms. Here are two lines which took the server's grade from "F" to "A" in SSL testing and helped prevent several SSL attacks such as Heartbleed, POODLE and, recently, FREAK.

These lines need to be put into your ssl.conf AND into any other vhost directive if Apache supports SNI:

Here is an older list (before 2018):

SSLProtocol TLSv1.2 +TLSv1.1 +TLSv1
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256

Here is a simpler and more up-to-date list with config options (2018):

SSLProtocol TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
SSLCompression Off
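
Because these settings have to be repeated in ssl.conf and in every vhost, a weaker override in one vhost is easy to miss. The following audit script is an added example, not part of the original post: it computes the effective values of the four directives above per scope and flags anything weaker than the 2018 list. The sample config, the function names and the treatment of "all" (or an unset SSLProtocol) as SSLv3 through TLSv1.2 are assumptions made for the example.

```python
import re

# Constructed sample: the page's 2018 server-level settings plus a hypothetical weaker vhost.
SAMPLE_CONF = """\
SSLProtocol TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
SSLCompression Off
<VirtualHost *:443>
    SSLProtocol all -SSLv2
    SSLCipherSuite ECDHE-RSA-AES128-SHA256DHE-RSA-AES256-GCM-SHA384:RC4-SHA
</VirtualHost>
"""
LEGACY = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}  # not in the 2018 SSLProtocol line
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}   # assumption: what "all" (or unset) enables
WEAK = re.compile(r"RC4|MD5|NULL|DES|EXP", re.I)
FUSED = re.compile(r"SHA(256|384)?[A-Z]")        # two suite names with no ':' between
WANT = {"sslhonorcipherorder": "on", "sslcompression": "off"}

def enabled_protocols(args):
    on = set()
    for a in args:
        name = a.lstrip("+-").lower()
        group = ALL if name == "all" else {name}
        on = on - group if a[0] == "-" else on | group if a[0] == "+" else set(group)
    return on

def audit(conf):
    scopes, scope = {"server": {}}, "server"
    for n, raw in enumerate(conf.splitlines(), 1):
        key, *args = raw.split() or [""]
        if key.lower().startswith(("<virtualhost", "</virtualhost")):
            scope = "server" if key[1] == "/" else f"{raw.strip().strip('<>')} @ line {n}"
        elif key and not key.startswith("#"):
            scopes.setdefault(scope, {})[key.lower()] = args
    findings = []
    for name, own in scopes.items():
        d = {**scopes["server"], **own}  # vhost values override server values
        for p in sorted(enabled_protocols(d.get("sslprotocol") or ["all"]) & LEGACY):
            findings.append((name, "legacy protocol enabled: " + p))
        for tok in (d.get("sslciphersuite") or [""])[-1].split(":"):
            if FUSED.search(tok):
                findings.append((name, "fused cipher names (missing ':'): " + tok))
            elif tok and tok[0] not in "!-" and WEAK.search(tok):
                findings.append((name, "weak cipher allowed: " + tok))
        for key, want in WANT.items():
            got = (d.get(key) or ["unset"])[0].lower()
            if got != want:
                findings.append((name, f"{key} is {got}, expected {want}"))
    return findings
```

Calling audit(SAMPLE_CONF) returns five findings, all for the vhost: the three legacy protocols that "all -SSLv2" leaves enabled, the cipher entry with a missing colon, and RC4-SHA.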