A few days ago we had an external vulnerability scan by an Approved Scanning Vendor (ASV) to pass PCI DSS, in the report we saw these two vulnerabilities also reported by our Nessus scan:
The remote service supports the use of medium strength SSL ciphers:
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
Nessus ID: 42873
The remote service supports the use of weak SSL ciphers:
The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
Nessus ID: 26928
To fix this, you just have to change the apache2 ssl configuration as follows:
SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
After this change, restart the Apache webserver and run Nessus again. The warnings on those two vulnerabilities should now disappear.