- All ciphers below 128 bit should be disabled
- ECDHE based ciphers should be prioritized
- RC4 based ciphers should be disabled
- The following Ciphers should be enabled and given highest priority.
- Disable all Export Ciphers
This is also my current configuration, so you can use it to test the configure on older browsers/devices to check compatibility.