SSLCipherSuite - disable weak encryption, cbc cipher and md5 based algorithm

Posted by John on Server Fault
Published on 2013-11-01T23:55:14Z Indexed on 2013/11/02 3:57 UTC

A developer recently ran a PCI Scan with TripWire against our LAMP server. They identified several issues and gave the following instructions to correct them:

Problem: SSL Server Supports Weak Encryption for SSLv3, TLSv1

Solution: Add the following rule to httpd.conf

SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Problem: SSL Server Supports CBC Ciphers for SSLv3, TLSv1

Solution: Disable any cipher suites using CBC ciphers

Problem: SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1

Solution: Disable any cipher suites using MD5 based MAC algorithms

I tried searching Google for a comprehensive tutorial on how to construct an SSLCipherSuite directive to meet my requirements, but I didn't find anything I could understand. I see examples of SSLCipherSuite directives, but I need an explanation of what each component of the directive does. So even in the directive SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM, I don't understand, for example, what the !LOW means.

Can someone either a) tell me the SSLCipherSuite directive that will meet my needs or b) show me a resource that clearly explains what each segment of an SSLCipherSuite is and how to construct one?
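Added example, not part of the original post: a candidate SSLCipherSuite string can be expanded with `openssl ciphers -v '<string>'`, and the resulting listing checked against the three scan findings above (weak encryption, CBC ciphers, MD5-based MAC). The sample listing is constructed, and the names `classify`, `audit` and the 128-bit `MIN_BITS` threshold are assumptions of this sketch.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v '<cipher string>'`;
# on a real server, paste that command's output here instead.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

# Splits an Enc= value such as "AES(128)" into algorithm and key bits.
ENC_RE = re.compile(r"^(?P<alg>[^()]+)(?:\((?P<bits>\d+)\))?$")
MIN_BITS = 128  # assumed threshold for "weak encryption"; use the scanner's policy


def classify(line):
    """Return (suite_name, set_of_findings) for one `openssl ciphers -v` line."""
    fields = line.split()
    name = fields[0]
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    m = ENC_RE.match(attrs.get("Enc", "None"))
    alg, bits = m.group("alg"), int(m.group("bits") or 0)
    findings = set()
    if bits < MIN_BITS or "export" in fields:
        findings.add("weak-encryption")
    # Non-AEAD suites use either a stream/null cipher or a block cipher in CBC mode.
    if attrs.get("Mac") != "AEAD" and alg not in ("RC4", "None"):
        findings.add("cbc")
    if attrs.get("Mac") == "MD5":
        findings.add("md5-mac")
    return name, findings


def audit(text):
    """Map each suite in the listing to its findings (empty set: none of the three)."""
    return dict(classify(l) for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for suite, findings in audit(SAMPLE).items():
        print(f"{suite:30} {', '.join(sorted(findings)) or '-'}")
```

An empty result only means none of the three scan findings apply to that suite; RC4-SHA, for instance, passes these checks but may be flagged by other scanner rules.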
