UPDATE 2008-06-25: Here's my current recommendation (the rest is left for historical context).
SSLCipherSuite DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA: AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA
The completist (Thawte-style)
SSLCipherSuite DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA: AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5
The minimalist (Microsoft-style)
For the Comodo version of the minimalist, swap the order of the 2 AES ciphers.
UPDATE 2008-04-04: Slight change to the minimalist config based on more detailed results from the new tool. This also means that the Comodo config is not what is stated above, but is instead:
The descending minimalist (Comodo-style)
Enter the 36 chambers of infrastructure wu-tang
- Recommended SSLCipherSuite configurations for Apac...
- SSL/TLS cipher selection, with examples and discus...
- The sorry state of SSL/TLS operational best practi...
- BigDecimal: mostly acceptable alternative to Float...
- rb_spread patch for Ruby 1.8.recent/1.9 and Spread...
- Floating point arithmetic, bug reports, and monkey...
- ▼ March (6)