Apache上的SSLconfiguration

我有一个OpenSSL / 1.0.1s的Apache / 2.4.18服务器。 我使用Mozilla SSLconfiguration生成器来生成SSLconfiguration：

SSLProtocol all -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off 

SSL实验室testing给出这些消息：

 The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. The server does not support Forward Secrecy with the reference browsers. 

而且，在“握手模拟”中，它给出了这样的信息：

 Apple ATS 9 / iOS 9 R Server sent fatal alert: handshake_failure 

我如何摆脱这些，特别是最后一个，使iOS 9用户可以连接没有任何问题？

• 在电子邮件发送中使用TLS
• 设置registry项并重新启动Windows 2008 R2后，仍然启用SSL 3
• 在邮件服务器上为TLS检查哪个DNS名称？
• 有可能有一个既可互操作又安全的电子邮件服务器？
• cPanelconfiguration似乎允许未经身份validation的SMTP – 如何解决？

谢谢！

 Listen 443 SSLEngine on SSLPassPhraseDialog builtin SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW:!MD5:!DES SSLCertificateFile /path/to/cert SSLCertificateKeyFile /path/to/key SSLCACertificateFile /path/to/cacert 

 Header always append X-Frame-Options SAMEORIGIN Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure Header always set X-ServerId 1