If I use the SSL cert and configuration autogenerated with this module, I get the following alerts from https://www.ssllabs.com/ssltest :
Certificate has a weak signature and expires after 2016. Upgrade to SHA2 to avoid browser warnings.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
It would be great if the module provided a best-practices configuration out of the box.