There is a relative new attack: the freak attack. How ever the proven apache config from https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ still works.
— update —
see https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/