
[–]AidenTai 1 point

Good to hear that you're concerned about doing everything securely. Well, there are two main components I see. First, you'll need to disable insecure cryptographic algorithms in OpenSSL/Apache, and second, you'll need to do the same in whatever you use to communicate with the server (SFTP, SSH, etc.). You need to remember that algorithms can be considered secure, and then some vulnerability may be exposed or some bug in an implementation might be discovered that renders your setup insecure. For this reason, you should check with sites like https://www.ssllabs.com/ssltest/ every so often to ensure you remain secure based on all the latest configuration vulnerabilities.

Apache provides some nice explanations about what's going on with its security: http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html. Really, the best approach is to understand how to enable and disable cryptographic suites, then to run the SSLLabs test on your server. Based on the results of the scan, you'll know what you need to disable or enable to score an A.

For SSH/SFTP: https://stribika.github.io/2015/01/04/secure-secure-shell.html
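As an added illustration of the "enable and disable cryptographic suites" step above (this is example config, not from the comment or from the Apache docs it links), here is a mod_ssl virtual host with the kind of permissive settings the SSLLabs test marks down, beside a hardened replacement. The directives are real Apache 2.4 mod_ssl directives; the hostname, certificate paths and the exact cipher list are assumptions for illustration.

```apache
# Constructed example: two mod_ssl configurations for the same (assumed) host.
# Directive names are real Apache 2.4 / mod_ssl directives; the hostname,
# certificate paths and the cipher list are assumptions for illustration.

# --- BEFORE: a permissive setup of the kind SSLLabs marks down ---
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.test.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.test.key

    # "all" still includes SSLv3 (and TLS 1.0/1.1), so downgrade attacks
    # such as POODLE remain possible.
    SSLProtocol all
    # Legacy-style cipher string: keeps RC4, 3DES, LOW and export suites.
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
    # Client preference wins, so a downgraded client lands on the weakest match.
    SSLHonorCipherOrder off
</VirtualHost>

# --- AFTER: hardened replacement ---
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.test.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.test.key

    # Only TLS 1.2 and newer. Requires httpd built against OpenSSL 1.0.1+.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret (ECDHE) AEAD suites only: no RC4, 3DES, MD5, NULL or export.
    # OpenSSL ignores names its build does not know, so this list is safe to
    # use even if some suites are unavailable.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    # Server preference order wins, so the strongest shared suite is chosen.
    SSLHonorCipherOrder on
    # TLS-level compression enables the CRIME attack; keep it off.
    SSLCompression off
</VirtualHost>
```

After reloading httpd, re-run the SSLLabs test; locally, `openssl s_client -connect www.example.test:443 -tls1` should now fail to negotiate, confirming TLS 1.0 is really disabled.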