The security directives to control mod_ssl are added to the Apache documentation that is installed when you build the secure Web server; you can examine them in depth there. However, a few security directives are worth highlighting here, to give an overview of their use.
Use the SSLCipherSuite directive to control which algorithms are allowed for secure sessions. Unless you are a security expert, you should probably leave these settings alone.
Use the SSLSessionCache directive to indicate whether to support an interprocess cache of SSL session information (and, if so, what the filename for it should be). Because secure sessions require substantial setup, and because client requests can be served by multiple server/child processes, use of a session cache to share information between child processes can speed things up considerably. Use the value none to turn off the session cache, or use dbm: followed by the path of a file as the session cache.
Use the SSLLog and SSLLogLevel directives to create logs to hold SSL-specific information.
Finally, SSL and X.509 certificates can be used by the server for authenticating clients, much as the server certificate is used by the client to authenticate the server. Use the following directives to set up client authentication using client certificates: SSLCACertificatePath, SSLCACertificateFile, SSLVerifyClient, SSLVerifyDepth, and SSLRequire.
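The fragment below is an added example, not taken from the Apache documentation or the original text, showing how the session cache, SSL log, and client-authentication directives described above fit together in one configuration. All file paths, the directory name, and the certificate subject values are assumptions chosen for illustration.

```apache
# Added example. Paths, directory names and DN values are assumptions.

# Server-wide: share SSL session state between child processes
# through a DBM file, so a returning client avoids a full handshake.
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

    # SSL-specific log, kept separate from the normal error log.
    SSLLog      /usr/local/apache/logs/ssl_engine_log
    SSLLogLevel warn

    # CA certificate(s) that client certificates must chain to.
    # SSLCACertificatePath can be used instead to point at a
    # directory of hashed CA certificates.
    SSLCACertificateFile /usr/local/apache/conf/ssl.crt/client-ca.crt

    <Directory "/usr/local/apache/htdocs/private">
        # Refuse the request unless the client presents a certificate
        # that verifies against the CA above.
        SSLVerifyClient require

        # Accept at most two levels of CA between the client
        # certificate and the trusted CA (assumed chain length).
        SSLVerifyDepth  2

        # A valid certificate alone is not enough: also require
        # specific subject fields before granting access.
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "Example Corp" \
               and %{SSL_CLIENT_S_DN_OU} in {"Staff", "Admin"}
    </Directory>
</VirtualHost>
```

Keep SSLVerifyDepth as small as the real certificate chain allows, and limit the trusted CA file to the issuers whose client certificates should be accepted, since any certificate that chains to a listed CA passes SSLVerifyClient before SSLRequire is evaluated.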