During the summer rumours about a new attack against SSL started circulating (CVE-2011-3389).
As it turns out, the attack itself was conceived years ago, deemed impractical, but it was nevertheless fixed in TLS 1.1. The new attack technique introduced a few optimizations to make it practical.
In terms of mitigation, I expect this problem will be largely addressed on the client side, despite a potential compatibility problem that may cause some TLS sites to stop working.
With this config you can avoid that attack.
SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNULL #NO Longer needed cause since IE 7 this works ;) #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
With OpenSSL 1.0.1 it must be