The tutorial explains how to configure the Apache2 cipher selection. It provides better security by defaulting to PFS and disallowing known insecure ciphers.
We start by editing the /etc/apache2/sites-available/002-ssl-www.rivy.org.conf from the previous post.
In the <VirtualHost> section, add the following lines. Please note that I used the settings from the fine folks at bettercrypto.org
SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on # taken from https://bettercrypto.org SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\ EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:\ +SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:\ !ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
After saving the file and restarting Apache2, the results look more better. We’re all green. Note that this scan has been done on Jan 31, 2015. It’s always possible that newly discovered vulnerabilities in the selected ciphers influence the rating.