Talk:Security/Server Side TLS


Sources: https://jve.linuxwall.info/blog/index.php?post/2013/10/12/A-grade-SSL/TLS-with-Nginx-and-StartSSL https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/

RC4

Full discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=927045

RC4-based ciphers ought to be completely removed from the list; better attacks are coming, like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls

Page protection

This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.

Prioritization logic and ciphersuite recommendation

The prioritization logic says to prioritize 128 bit AES over 256 bit, but the recommended ciphersuite has DHE-RSA-AES256* prioritized over DHE-RSA-AES128*, breaking rule #3. Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.

I think the recommended ciphersuite should be fixed to reflect the rules in the prioritization logic.
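
An ordering check of the kind the comment above calls for, added here as an example; it is not code from the wiki page or from any commenter. The rule numbers follow the comment, and the reading of them is an assumption: rule #2 as "forward-secret before non-forward-secret", rule #3 as "AES128 before AES256 within the same key exchange and authentication". The cipher list is constructed.

```python
import re

# Constructed sample: an explicit, colon-separated OpenSSL-style cipher list.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:"
          "DHE-RSA-AES128-SHA:RC4-SHA:!aNULL")

def is_forward_secret(name):
    # Ephemeral (EC)DH key exchange is what gives forward secrecy.
    return name.startswith(("ECDHE-", "DHE-"))

def aes_family(name):
    """Return (key-exchange/auth prefix, AES key bits), or None if not AES."""
    m = re.match(r"(.*?)-?AES(128|256)", name)
    return (m.group(1), int(m.group(2))) if m else None

def ordering_violations(cipher_string):
    """List (rule, earlier, later) where `earlier` outranks `later` but should not."""
    # Entries starting with "!" are exclusions, not ranked ciphers; skip them.
    ciphers = [c for c in cipher_string.split(":") if c and not c.startswith("!")]
    found = []
    for i, earlier in enumerate(ciphers):
        for later in ciphers[i + 1:]:
            a, b = aes_family(earlier), aes_family(later)
            if not is_forward_secret(earlier) and is_forward_secret(later):
                # Assumed reading of rule #2: forward secrecy comes first.
                found.append(("rule #2", earlier, later))
            elif a and b and a[0] == b[0] and a[1] == 256 and b[1] == 128:
                # Assumed reading of rule #3: AES128 before AES256, same prefix.
                found.append(("rule #3", earlier, later))
    return found

if __name__ == "__main__":
    for rule, earlier, later in ordering_violations(SAMPLE):
        print(f"{rule}: {earlier} is listed before {later}")
```

It only handles lists of explicit cipher names; OpenSSL keywords and `+`/`@STRENGTH` operators would need to be expanded first.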
