diff --git a/ext/rack/example-passenger-vhost.conf b/ext/rack/example-passenger-vhost.conf
index 7d40b9498..e8c2102e8 100644
--- a/ext/rack/example-passenger-vhost.conf
+++ b/ext/rack/example-passenger-vhost.conf
@@ -1,57 +1,57 @@
 # This Apache 2 virtual host config shows how to use Puppet as a Rack
 # application via Passenger. See
 # http://docs.puppetlabs.com/guides/passenger.html for more information.
 
 # You can also use the included config.ru file to run Puppet with other Rack
 # servers instead of Passenger.
 
 # you probably want to tune these settings
 PassengerHighPerformance on
 PassengerMaxPoolSize 12
 PassengerPoolIdleTime 1500
 # PassengerMaxRequests 1000
 PassengerStatThrottleRate 120
 RackAutoDetect Off
 RailsAutoDetect Off
 
 Listen 8140
 
 <VirtualHost *:8140>
         SSLEngine on
-        SSLProtocol             ALL -SSLv2
-        SSLCipherSuite          ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
+        SSLProtocol             ALL -SSLv2 -SSLv3
+        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
         SSLHonorCipherOrder     on
 
         SSLCertificateFile      /etc/puppet/ssl/certs/squigley.namespace.at.pem
         SSLCertificateKeyFile   /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
         SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
         SSLCACertificateFile    /etc/puppet/ssl/ca/ca_crt.pem
         # If Apache complains about invalid signatures on the CRL, you can try disabling
         # CRL checking by commenting the next line, but this is not recommended.
         SSLCARevocationFile     /etc/puppet/ssl/ca/ca_crl.pem
         # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
         # which effectively disables CRL checking; if you are using Apache 2.4+ you must
         # specify 'SSLCARevocationCheck chain' to actually use the CRL.
         # SSLCARevocationCheck chain
         SSLVerifyClient optional
         SSLVerifyDepth  1
         # The `ExportCertData` option is needed for agent certificate expiration warnings
         SSLOptions +StdEnvVars +ExportCertData
 
         # This header needs to be set if using a loadbalancer or proxy
         RequestHeader unset X-Forwarded-For
 
         RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
         RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
         RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
 
         DocumentRoot /etc/puppet/rack/public/
         RackBaseURI /
         <Directory /etc/puppet/rack/>
                 Options None
                 AllowOverride None
                 Order allow,deny
                 allow from all
         </Directory>
 </VirtualHost>