The Apache Haus Forum

Forum Topics => Apache 2.4 => Topic started by: mario on April 03, 2012, 09:41:02 PM

Title: TLS 1.2 ?
Post by: mario on April 03, 2012, 09:41:02 PM
Now with 2.4.1 which includes OpenSSL 1.0.1 I've secured my server against BEAST attack with

SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH


However, when I run the https://www.ssllabs.com/ssldb/analyze.html test, I see that apache supports up to TLS 1.0, but not TLS 1.1 nor TLS 1.2. But OpenSSL 1.0.1 should support TLS v1.2

Is there any chance to have the 256 bit encryption again and / or ( TLS 1.1 or TLS 1.2)
Title: Re: TLS 1.2 ?
Post by: Gregg on April 04, 2012, 10:39:43 PM
I played with this a couple weeks ago and used Opera because I know it's supposed to be TLS 1.2 compatible.

https://www.apachehaus.net/Qualys/

First cipher in order is TLS/1.2 256bit, however, no matter what I did, Opera would only use 128 bit ciphers, I deselected all non 256 TLS/1.2 ciphers in Opera's options and it could not communicate. FF would only use RC4. I forgot what happened when I denied TLS/1.0 at the server, FF likely did not work. What was odd however was I actually lost points on Qualys score after doing that.
Title: Re: TLS 1.2 ?
Post by: mario on April 04, 2012, 11:08:29 PM
What is your SSLCipherSuite ?
Title: Re: TLS 1.2 ?
Post by: Gregg on April 04, 2012, 11:27:29 PM
SSLProtocol all -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Title: Re: TLS 1.2 ?
Post by: Gregg on April 05, 2012, 12:41:51 AM
Another interesting thing, if I turn off all but TLS/1.2 in Opera, it will not connect. But if I have TLS/1.1 & 1.2 options checked, it will and page info shows it as TLS/1.2.

https://www.apachehaus.net/Qualys/opera.png

IE9 is like Firefox, falls back to RC4
https://www.apachehaus.net/Qualys/ie9.png
Title: Re: TLS 1.2 ?
Post by: mario on April 06, 2012, 12:36:23 PM
If I use SSLProtocol all -SSLv3 some browsers and ssllabs.com can't connect. With your config the main target Firefox still uses 128 bit encryption then :-/
But the ssllabs.com test shows now TLS 1.2. I wish the browser could use that.
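Added illustration, not part of the thread: a small simulation of how an SSLCipherSuite string like Gregg's is expanded and which suite a client gets when SSLHonorCipherOrder is On. The suite table and the browser offers are constructed and far smaller than what real OpenSSL expands HIGH and RC4 to, but they are enough to show why a TLS 1.0-only browser lands on RC4 (RC4 precedes HIGH in the list, and the SHA256/SHA384/GCM suites need TLS 1.2).

```python
# Constructed suite table: name -> (minimum TLS version, key bits, aliases it matches).
SUITES = {
    "ECDHE-RSA-AES256-SHA384": (1.2, 256, {"HIGH", "aRSA", "kEECDH"}),
    "ECDHE-RSA-AES128-SHA256": (1.2, 128, {"HIGH", "aRSA", "kEECDH"}),
    "AES128-GCM-SHA256":       (1.2, 128, {"HIGH", "aRSA", "kRSA"}),
    "DHE-RSA-AES256-SHA":      (1.0, 256, {"HIGH", "aRSA", "EDH"}),
    "AES256-SHA":              (1.0, 256, {"HIGH", "aRSA", "kRSA"}),
    "AES128-SHA":              (1.0, 128, {"HIGH", "aRSA", "kRSA"}),
    "RC4-SHA":                 (1.0, 128, {"RC4", "MEDIUM", "aRSA", "kRSA"}),
    "RC4-MD5":                 (1.0, 128, {"RC4", "MD5", "MEDIUM", "aRSA", "kRSA"}),
    "ADH-AES256-SHA":          (1.0, 256, {"HIGH", "aNULL"}),
}

def matches(name, token):
    return token == name or token in SUITES[name][2]

def expand(spec):
    """Expand an OpenSSL-style cipher list (':'-separated, with !, - and +
    prefixes) into the ordered list of suite names it selects."""
    result, killed = [], set()
    for token in spec.split(":"):
        op, tok = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        hits = [n for n in SUITES if matches(n, tok)]
        if op == "!":                       # permanently delete
            killed.update(hits)
            result = [n for n in result if n not in hits]
        elif op == "-":                     # delete, may be re-added later
            result = [n for n in result if n not in hits]
        elif op == "+":                     # move matching suites to the end
            result = [n for n in result if n not in hits] + [n for n in result if n in hits]
        else:                               # append new matches in table order
            result += [n for n in hits if n not in result and n not in killed]
    return result

def negotiate(server_spec, client_offer, client_tls, honor_server_order=True):
    """Suite chosen for a client offering `client_offer` (its own preference
    order) at protocol version `client_tls`; None if nothing overlaps."""
    server = [n for n in expand(server_spec) if SUITES[n][0] <= client_tls]
    client = [n for n in client_offer if n in SUITES and SUITES[n][0] <= client_tls]
    first, second = (server, client) if honor_server_order else (client, server)
    return next((n for n in first if n in second), None)

GREGG = ("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:"
         "RC4:HIGH:!MD5:!aNULL:!EDH")
# Constructed offer of a browser that only speaks TLS 1.0 and prefers AES over RC4.
TLS10_BROWSER = ["AES256-SHA", "AES128-SHA", "RC4-SHA"]

if __name__ == "__main__":
    print(expand(GREGG))
    print(negotiate(GREGG, TLS10_BROWSER, 1.0))                  # RC4-SHA
    print(negotiate("AES256-SHA:" + GREGG, TLS10_BROWSER, 1.0))  # AES256-SHA
```

Moving a TLS 1.0-capable AES suite ahead of RC4 in the server list is what changes the outcome for such a client; the TLS 1.2 suites at the front only matter once the browser speaks TLS 1.2.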