Qualys SSL Labs and weak ciphers with centos 6.5 and apache

lately i tried to improve the SSL score for qualys ssllabs SSL configuration scanner.
after a view tries i noticed that changes i made to SSLCipherSuite did not change anything at all – so there has to be a config file that overrides the settings for apache 2.2.

qualys error:

TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) WEAK
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x14) DH 512 bits (p: 64, g: 1, Ys: 64) FS WEAK
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK

Solution:

what i learned is if you use an apache 2.2 with vhosts! the apache vhosts config for your site overrides the /etc/httpd/conf.d/ssl.conf settings! this behaviour makes no sense at all to me – nevertheless, here is the solution:

settings i used for /etc/httpd/conf.d/ssl.conf

 

and for /etc/httpd/conf/sites-available/.vhost

 

 

 

 

thats the trick for an A- Rating. as far as i know A(+) Rating is not possible while running apache 2.2.