> On CentOS, after you update openssl, this is one choice;
> bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/yourkey.pem ciphers  [...]
> On another OS, the Qualys page describes how to get the list of ciphers.

My suggestion is to always use the recommended cipher list from Mozilla.

If your OpenSSL release doesn't support specific ciphers, it will just ignore
them and use those that are available.

That said, for new deployments one should make sure to use openssl 1.0.1
(or 1.0.2, if available).

For new deployments in the CentOS/RHEL world, please start right away
with release 7 and start thinking about upgrading existing 5 and 6 installations
to 7.


Lukas
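
The behaviour described above, where OpenSSL skips cipher names it does not support and uses the rest, can be checked on a host before a cipher string is deployed. The following is an added example, not part of the original message: it uses Python's standard ssl module, so it reports on the OpenSSL build Python is linked against (assumed here to be the same one HAProxy uses), and SAMPLE_CIPHERS is a constructed list containing a deliberately bogus name.

```python
import ssl

# Constructed sample list (not from the post): common suites plus one
# deliberately bogus name standing in for a cipher the local build lacks.
SAMPLE_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:NOT-A-REAL-CIPHER:!aNULL:!MD5"
)


def _enabled(cipher_string):
    """Return names of pre-TLS 1.3 suites OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # Raised only when nothing at all in the string could be selected.
        return []
    # TLS 1.3 suites are configured separately and always listed; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Split a cipher string into accepted and silently ignored tokens."""
    accepted, ignored = [], []
    for token in filter(None, cipher_string.split(":")):
        if token[0] in "!-+@":
            continue  # exclusions/ordering directives select nothing themselves
        (accepted if _enabled(token) else ignored).append(token)
    return {
        "accepted": accepted,
        "ignored": ignored,
        "effective": _enabled(cipher_string),  # what the server would offer
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CIPHERS)
    print(ssl.OPENSSL_VERSION)
    for key in ("accepted", "ignored", "effective"):
        print(f"{key}: {', '.join(report[key]) or '(none)'}")
```

An empty "effective" list means none of the names matched, which is the one case where the cipher string is rejected outright instead of being trimmed.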

                                          
