Now in December 2013 the best available SSL config with a 4096 bit RSA Key and httpd Apache 2.4.7 with OpenSSL/1.0.1e.
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000) SSLOptions +StrictRequire +StdEnvVars -ExportCertData SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS
YES Windows XP is no longer supported with this. But for me there is no more need to do so.
The SSL Test Lap Test shows a very good result. The Cipher Strength is at 100%. So any browser will use a 256 bit encrypted connection to that server.
This is still valid against CVE-2014-8730
See the update https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/