That, coincidentally, is the configuration that we (CloudFlare) are using for all our SSL sites: http://blog.cloudflare.com/new-ssl-vulnerabilities-cloudflar... One of the things we try to do for our customers is worry about this sort of thing so they don't have to.