SSL config for web server compatible with PCI-DSS requirements about disabling CBC and TLSv1.0
There's not really much to do to increase compatibility with browsers, if you disable TLS1.0, and disable all CBC ciphers.
However, CBC ciphers are NOT considered "weak" if TLS1.0 is disabled. The vulnerability BEAST attack is based on is not present in TLS1.1 and above.