Two things are important for any HTTPd configuration: mitigation of BEAST and Forward Secrecy. Perfect Forward Secrecy is hard since IE9 does not support any of the DHE or ECDHE.
For details on what all that means see SSL Labs article on deploying forward secrecy. This config below scores very well with SSL Labs test suite.
For the benefit of future readers: using the explicit list of ciphers from the referenced SSL Labs article only got my site an overall "C" rating in SSL Labs' own tests, whereas the following much simpler alternative gets an "A":
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";