I was able to get an A+ rating from ssllabs by using these simplified steps:
At Home / Service Configuration / Apache Configuration / Global Configuration, I set:
SSL Cipher Suite:
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSL/TLS Protocols: All -SSLv2 -SSLv3 -TLSv1
(for my limited audience, I chose to disable TLSv1.0 but maybe not right choice for big public websites yet)
Then at Home / Service Configuration / Apache Configuration / Include Editor, I edited Pre Main Include (All Versions) and pasted these two lines:
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
SSLHonorCipherOrder on
I then rebuilt Apache and I'm getting A+ ratings. Note that I have a mix of always-SSL and never-SSL websites hosted on my server, and they all continue to work fine. The header Strict-Transport-Security is even returned on my never-SSL websites, which doesn't seem right, but the docs at Wikipedia say it is always ignored on non-SSL responses and that matches my experience so far. ssllabs shows the header being returned/recognized on my SSL websites.
This blog post from last year also suggests editing Pre Main Include ( Getting an A+ on SSL Labs test in on all cPanel domains in 5 minutes – kris.io : virtualization & cloud ) rather than directly editing conf files. I mention this since it's easier to edit Pre Main Include and it might persist better & avoid closing you off from future updates to the core conf templates.