If I run this domain through Qualys’s SSL Server test, I get an A+. Which feels like a good score. I followed someone else’s instructions on how to do this, but I can’t remember where that was, so I figure putting the configuration here will be handy for me and, potentially, you.
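```apache
SSLEngine on
# Start from every supported protocol, then remove the legacy ones.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Strong ciphers only; exclude unauthenticated, MD5-based and 3DES suites.
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
# Prefer the server's cipher order over the client's.
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
# HSTS for 180 days; the Header directive requires mod_headers.
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
```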
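A small offline check for drift from the settings above, added here as an example and not part of the original post. The function names, the `WEAK_CONFIG` sample and the expansion assumed for `all` are illustrative assumptions; a missing `SSLProtocol` is treated as `all`.

```python
import re
import shlex
# The configuration from this page, one directive per line.
PAGE_CONFIG = """\
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
"""
WEAK_CONFIG = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM\nSSLCompression on\n"  # constructed
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ALL = LEGACY | {"TLSv1.2", "TLSv1.3"}  # assumption: real expansion depends on the build

def directives(text):
    """Yield (lowercased directive name, argument list) per non-comment line."""
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens[0].lower(), tokens[1:]

def effective_protocols(args):
    """Apply SSLProtocol's left-to-right +/- arguments and return the enabled set."""
    enabled = set()
    for arg in args:
        names = ALL if arg.lstrip("+-").lower() == "all" else {arg.lstrip("+-")}
        enabled = enabled - names if arg.startswith("-") else enabled | names
    return enabled

def audit(text):
    """Return findings where text is weaker than the page's configuration."""
    items = list(directives(text))
    conf, findings = dict(items), []  # last occurrence of a directive wins
    legacy = effective_protocols(conf.get("sslprotocol") or ["all"]) & LEGACY
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    suite = (conf.get("sslciphersuite") or [""])[-1].split(":")
    missing = [x for x in ("!aNULL", "!MD5", "!3DES") if x not in suite]
    if missing:
        findings.append("cipher string lacks: " + ", ".join(missing))
    if (conf.get("sslcompression") or [""])[0].lower() != "off":
        findings.append("SSLCompression is not explicitly off")
    hsts = [a[-1] for n, a in items
            if n == "header" and "strict-transport-security" in map(str.lower, a)]
    if not any(re.search(r"max-age=\d+", v) for v in hsts):
        findings.append("no Strict-Transport-Security header with max-age")
    return findings
```

This is a string-level check of the directives only; `openssl ciphers -v 'HIGH:!aNULL:!MD5:!3DES'` lists the suites the cipher string actually selects on a given OpenSSL build.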