If I run this domain through Qualsys’s SSL Server test, I get an A+. Which feels like a good score. I followed someone else’s instructions on how to do this, but I can’t remember where that was, so I figure putting the configuration here will be handy for me and, potentially, you.

SSLEngine		on
SSLProtocol		all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite		HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder	on
SSLCompression		off
SSLOptions		+StrictRequire
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"