How can I disable 128 bit ciphers in apache?

ssl apache-2.4

Instead of listing ALL and then removing what you don't want you could just list the accepted ciphersuites, e.g.

SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384

Also, you shouldn't focus on getting A+ 100% on the SSL Labs test. There's no such thing as 100% security, but only security against a risk. What's your risk model? Focusing on tests might even give you false sense of security. The most useful part of the test starts after the grading. There, you can make a suitable compromise between security and compatibility. Are you willing to lose the visitors with older browsers that do not support any of your ciphersuites?

Related

Outlook cannot send when connected to IMAP, but it can send mail if I connect it to POP3
OpenWRT - How to redirect all subdomains of a hostname, to the same host, so that it can be reverse proxied?
Android Process Scheduling
Rails4: How to permit a hash with dynamic keys in params?
How to add a button at the end of RecyclerView?
Twig syntax highlighting sublime text
Logging request and response in one place with JAX-RS
invalid redeclaration in auto code generate NSManagedObject Subclass Swift 3
SCRIPT5009: 'URLSearchParams' is undefined in IE 11
'ab' program freezes after lots of requests, why?
main.jsbundle does not exist. this must be a bug with + echo 'react native
How does Java's serialization work and when it should be used instead of some other persistence technique?