TL;DR: edit /etc/apache2/mods-enabled/ssl.conf and specify ciphers like this:
# enable only secure protocols: SSLHonorCipherOrder On
SSLCipherSuite "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED -DES-CBC3-SHA -DES-CBC-SHA RSA !aNULL !eNULL !LOW -3DES !MD5 !EXP !PSK !SRP DSS !RC4 -EDH-RSA-DES-CBC-SHA -EDH-RSA-DES-CBC3-SHA -ADH-DES-CBC-SHA -ADH-DES-CBC3-SHA -DES-CBC-SHA AES128-SHA kRSA -DES-CBC3-SHA"
# new settings recommended for 2020/2021 and later ... SSLProtocol -ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3
SSLCompression off SSLInsecureRenegotiation off
This config has been tested withhttps://www.ssllabs.com/ssltest/ and should give you an "A+" rating.
Long version: Apache - SSL/TLS Strong Encryption How-To:
https://httpd.apache.org/docs/trunk/da/ssl/ssl_howto.html