I was able to get an A+ rating from ssllabs by using these simplified steps:
At Home / Service Configuration / Apache Configuration / Global Configuration, I set:
SSL Cipher Suite:
SSL/TLS Protocols: All -SSLv2 -SSLv3 -TLSv1
(for my limited audience, I chose to disable TLSv1.0 but maybe not right choice for big public websites yet)
Then at Home / Service Configuration / Apache Configuration / Include Editor, I edited Pre Main Include (All Versions) and pasted these two lines:
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
I then rebuilt Apache and I'm getting A+ ratings. Note that I have a mix of always-SSL and never-SSL websites hosted on my server, and they all continue to work fine. The header Strict-Transport-Security is even returned on my never-SSL websites, which doesn't seem right, but the docs at Wikipedia say it is always ignored on non-SSL responses and that matches my experience so far. ssllabs shows the header being returned/recognized on my SSL websites.
This blog post from last year also suggests editing Pre Main Include ( Getting an A+ on SSL Labs test in on all cPanel domains in 5 minutes – kris.io : virtualization & cloud ) rather than directly editing conf files. I mention this since it's easier to edit Pre Main Include and it might persist better & avoid closing you off from future updates to the core conf templates.