1) Edit the following file
vi /etc/httpd/conf.d/ssl.conf
2) Press "Shift+G" to go to the end of the file
3) Copy and paste the following lines
* If you are using "vi", press the key "o" to insert after the last line of the file
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
4) We need to verify that the directives we added are not already enabled by default elsewhere in the file (the earlier copies, not the lines pasted in step 3)
* Press the key "escape" to leave insert mode and press the key "/" in order to search
* You are going to search for
* SSLProtocol ---> comment out the line by putting the symbol "#" at the beginning of the line
Also you need to search for
* SSLCipherSuite ---> comment out the line by putting the symbol "#" at the beginning of the line
* SSLHonorCipherOrder ---> comment out the line by putting the symbol "#" at the beginning of the line
* SSLCompression ---> comment out the line by putting the symbol "#" at the beginning of the line
* SSLSessionTickets ---> comment out the line by putting the symbol "#" at the beginning of the line
NOTE: some of the above lines are already commented out, so just leave them commented
5) Save the file in "vi" by running ":wq"
6) Restart Apache
# systemctl restart httpd (CentOS 7)
Or
# /etc/init.d/httpd restart (CentOS 6)
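One way to check step 4 from the shell, after saving in step 5 and before the restart in step 6 (an added example, not part of the original instructions): it lists every uncommented occurrence of the five directives and names those still active more than once. The sample config is constructed with shortened cipher strings and the function names are hypothetical; on the server you would pass /etc/httpd/conf.d/ssl.conf instead of the sample.

```shell
#!/bin/sh
# Added example: find directives from step 3 that are still active twice.
DIRECTIVES="SSLProtocol SSLCipherSuite SSLHonorCipherOrder SSLCompression SSLSessionTickets"

# Print "Directive:line_number" for each uncommented occurrence in file $1.
# Apache directive names are case-insensitive, so compare in lower case.
active_directives() {
    awk -v list="$DIRECTIVES" '
        BEGIN { n = split(list, names, " ")
                for (i = 1; i <= n; i++) want[tolower(names[i])] = names[i] }
        /^[ \t]*#/ { next }    # commented lines do not count
        NF && (tolower($1) in want) { print want[tolower($1)] ":" NR }
    ' "$1"
}

# Print each directive that is active more than once (step 4 not finished).
duplicated_directives() {
    active_directives "$1" | cut -d: -f1 | sort | uniq -d
}

# Constructed sample: a stock-style virtual host followed by the pasted lines.
make_sample() {
    cat <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol all -SSLv2
#SSLCipherSuite HIGH:MEDIUM
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
</VirtualHost>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
EOF
}

SAMPLE=$(mktemp)
make_sample > "$SAMPLE"
echo "Active occurrences (directive:line):"
active_directives "$SAMPLE"
echo "Still active more than once:"
duplicated_directives "$SAMPLE"
```

An empty "Still active more than once" list means every directive from step 4 has exactly one active copy left.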