I have read many articles that officially explain how to prevent OpenSSL padding oracles. They usually indicate that the CBC cipher suites leave you vulnerable.

The following list works for me and allows me to get an A on SSLLabs.

SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:RSA+AESGCM:!aNULL:!MD5:!DSS:!LOW:!MEDIUM

My problem is that I cannot add any more without getting an F and being open to the padding oracle in question.

If I then compare that to the results of a security website, such as They receive A+ and they have CBC ciphers present.

My question then: how can I protect myself against the OpenSSL padding oracle (CVE-2016-2107) while allowing more ciphers? Is there more configuration I can do elsewhere to protect myself, while allowing a wider range of ciphers (LOW or not)? I also see that TLSv1.0 and TLSv1.1 can also be enabled with a limited number of ciphers.

My reasoning is that my current list prevents Safari 6-8, Android 2-4 and Windows 7 IE 8-10. I would like to open this.

Thank you
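A local check of what the cipher string in the post expands to, and whether any non-AEAD (CBC) suites are selected, as an added example that is not part of the original post. The `WIDER` string is constructed for comparison only, and the Python `ssl` module may link a different OpenSSL build than the web server, so treat the output as indicative.

```python
import ssl

# Cipher string from the post above.
POSTED = "ECDH+AESGCM:DH+AESGCM:RSA+AESGCM:!aNULL:!MD5:!DSS:!LOW:!MEDIUM"
# Constructed, wider string used only for comparison (not from the post).
WIDER = "ECDH+AES:DH+AES:RSA+AES:!aNULL:!MD5:!DSS"


def expand(cipher_string):
    """Return the suites the local OpenSSL selects for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are listed regardless of the string; they are all AEAD.
    return ctx.get_ciphers()


def is_aead(suite):
    """True for AEAD suites (GCM, CCM, ChaCha20-Poly1305)."""
    if "aead" in suite:
        return bool(suite["aead"])
    # Fallback for builds that do not expose the 'aead' key.
    return "Mac=AEAD" in suite.get("description", "")


def non_aead_suites(cipher_string):
    """Names of selected suites that are not AEAD.

    For AES-only strings such as the two above, these are the
    CBC-with-HMAC suites that padding oracle issues concern.
    """
    return [s["name"] for s in expand(cipher_string) if not is_aead(s)]


def report(cipher_string):
    """Summarise a cipher string as (total suites, non-AEAD suite names)."""
    return len(expand(cipher_string)), non_aead_suites(cipher_string)


if __name__ == "__main__":
    print("OpenSSL linked by Python:", ssl.OPENSSL_VERSION)
    for label, string in (("posted", POSTED), ("wider", WIDER)):
        total, cbc = report(string)
        print(f"{label}: {total} suites selected, {len(cbc)} non-AEAD")
        for name in cbc:
            print("   ", name)
```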