If you administrate a Webserver, this may be helpful:
1. Make sure you are running Apache 2.4.
Apache 2.2 does NOT have support for any form of forward-secrecy at the moment (it used to, but then we had the BEAST attack, and to mitigate that, everyone switched to RC4 ciphers). Only the elliptic-curve ciphers (ECDHE) are immune to BEAST AND have forward secrecy, and these are only supported in Apache 2.3 and above.
2. If you're running Ubuntu, that means you have to upgrade your production server to the latest alpha, Saucy/13.10.
(This set is still not perfect, but it seems to be the best compromise we can have; it is proof against BEAST, supports RC4 for old browsers, and has perfect forward secrecy for all modern clients other than IE 10.)