by hynek 4887 days ago
Yes, but some of the ciphers aren’t supported in widely used OpenSSL versions (like 0.9.8). I wanted to give people a configuration that works everywhere and is reasonably secure.

If they want more, there’s a link list at the end. Let’s not make perfect the enemy of the good.

Edit: I’ve added an advanced section with a link to here so you get your credit. :)

1 comments

To be fair, that line does work everywhere; the unrecognized ciphers are just ignored. In fact, on my Debian VPS with OpenSSL 0.9.8 it results in the exact same list of ciphers as the Apache one given in the post ("openssl ciphers" on the command line is very useful).

May as well add the newer ones to get the support if you upgrade your SSL library without having to change your Apache/nginx/etc. conf.
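
The behaviour discussed in the reply above, as an added example that is not part of the original thread: it uses Python's `ssl` module (which wraps the local OpenSSL) to report which named entries of a cipher string the installed library recognises and which it silently ignores. The sample cipher string and the fake cipher name in it are constructed for illustration.

```python
import ssl


def _resolve(cipher_string):
    """Return the cipher names the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Raises ssl.SSLError only when *nothing* in the string matches;
    # unrecognised entries mixed with valid ones are skipped silently.
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def audit_cipher_string(cipher_string):
    """Classify each positive entry as known or ignored by this OpenSSL build."""
    known, ignored = [], []
    for token in cipher_string.split(":"):
        # Skip empty entries and exclusion/ordering rules (!x, -x, +x, @STRENGTH).
        if not token or token[0] in "!-+@":
            continue
        try:
            _resolve(token)          # test the entry on its own
            known.append(token)
        except ssl.SSLError:
            ignored.append(token)    # would contribute nothing on this build
    # On OpenSSL 1.1.1+ the enabled list also contains the TLS 1.3 suites,
    # which are configured separately from this cipher string.
    return {"known": known, "ignored": ignored, "enabled": _resolve(cipher_string)}


# Constructed sample: two real suite names around one deliberately fake name.
SAMPLE = (
    "ECDHE-RSA-AES256-GCM-SHA384:"
    "NOT-A-REAL-CIPHER-SHA999:"
    "ECDHE-RSA-AES128-GCM-SHA256"
)

if __name__ == "__main__":
    report = audit_cipher_string(SAMPLE)
    print("linked against:", ssl.OPENSSL_VERSION)
    print("known entries:  ", report["known"])
    print("ignored entries:", report["ignored"])
    print("enabled ciphers:", report["enabled"])
```

Running this against the real cipher line from a server configuration, on each host, shows what an older OpenSSL drops and what an upgrade would start honouring without a config change.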