diff --git a/attributes/mod_ssl.rb b/attributes/mod_ssl.rb
new file mode 100644
index 000000000..4f3e95ed3
--- /dev/null
+++ b/attributes/mod_ssl.rb
@@ -0,0 +1,19 @@
+#
+# Author:: Nathan L Smith
+# Copyright:: Copyright (c) 2012, Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_ssl']['cipher_suite'] = 'RC4-SHA:HIGH:!ADH'
diff --git a/templates/default/mods/ssl.conf.erb b/templates/default/mods/ssl.conf.erb
index 6e3169320..2582f3062 100644
--- a/templates/default/mods/ssl.conf.erb
+++ b/templates/default/mods/ssl.conf.erb
@@ -59,11 +59,12 @@ SSLMutex file:/var/run/ssl_mutex
 SSLMutex file:/var/run/apache2/ssl_mutex
 <% end -%>
 
+SSLHonorCipherOrder On
 # SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
 # enable only secure ciphers:
-SSLCipherSuite HIGH:MEDIUM:!ADH
+SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %>
 # Use this instead if you want to allow cipher upgrades via SGC facility.
 # In this case you also have to use something like
 # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
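Review bot: The default `'RC4-SHA:HIGH:!ADH'` on the last line of the new attributes file puts RC4 first, and because the same commit turns on `SSLHonorCipherOrder` in the template, the server will select RC4-SHA for every client that offers it; RC4 has well-known keystream biases and is prohibited for TLS by RFC 7465, so this should not be the shipped default without a stated reason. `!ADH` also only excludes anonymous DH, whereas `!aNULL` excludes every anonymous suite (including anonymous ECDH where the OpenSSL build offers it). If the RC4 preference is deliberate as a BEAST/CBC mitigation, record that above the assignment, e.g. `# RC4 first as a BEAST (CBC) mitigation; revisit once clients support TLS 1.1+`, so the next maintainer knows when it can be dropped. Otherwise a default such as `'HIGH:!aNULL:!MD5:!RC4'` (with `!RC4` explicit so it holds however the local OpenSSL classifies RC4) would be safer.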
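Review bot: The comment `# enable only secure ciphers:` left directly above the new `SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %>` line is now stale, since the list is whatever the node attribute holds and the default added in this commit begins with RC4-SHA; it should say where the value comes from instead, e.g. `# Cipher list comes from node['apache']['mod_ssl']['cipher_suite']; with SSLHonorCipherOrder On the server's order wins, so list the strongest suites first.` The added `SSLHonorCipherOrder On` is also separated from the directive it governs by the comment block and carries no comment of its own; placing it immediately after `SSLCipherSuite` keeps the two together. Honoring the server's order makes the first entry of the attribute the effective choice for most clients, which makes the RC4-first default considerably more consequential than the previous hard-coded `HIGH:MEDIUM:!ADH`.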