In a blog post called "Navigating the TLS landscape", Mozilla announced its Security/Server Side TLS guide.

The main objective of this guide is to help SysAdmin configure their web server in order to improve security for web server clients. The guide gives the preferred configuration as well as justification for choices made, which is a very good thing. There is a strong emphasis on forward secrecy. Configuration parameters for several web servers are provided (Nginx, Apache, Haproxy, Stud, ...). It also provide some tips to check the configuration.

Next step: apply it on my own server!