There is a relative new attack: the freak attack. How ever the proven apache config from https://mariobrandt.de/archives/apache/current-2013-bullet-proof-ssl-config-779/ still works.

 

— update —

see https://mariobrandt.de/archives/apache/sslciphersuite-alias-crypto-wars-945/