Two website vulnerability questions

SDP MSP 9.0 Build 9009

After setting up HTTPS and installing my SSL certificate I want to ensure the site is protected from known vulnerabilities.  

I ran my CA's inspection tool and it tells me that I have two weaknesses: 1) RC4 Cipher Enabled - A cipher suite is enabled that is using the weak RC4 stream cipher, and 2) BREACH Vulnerability - The server is vulnerable to the BREACH attack.

For the RC4 issue, I found your FAQ article ( http://kbase.servicedeskplusmsp.com/faq/admin-3/admin-general/general/how-do-i-disable-weak-and-anonymous-ciphers-from-being-used-in-https-connection.html ) that says to mitigate insecure ciphers by modifying the server.xml file with the following info:
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

However, the server.xml file already contains the following:
    ciphers="SSL_RSA_WITH_RC4_128_MD5,
    SSL_RSA_WITH_RC4_128_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV"

For the BREACH issue, this is what the CA's tool reports:

So I have two questions:
  1. Given what is already there, what is the correct info to put into server.xml to mitigate the RC4 issue? I don't want to guess and introduce anything that might make my situation worse.
  2. How can I mitigate the BREACH issue?

Thanks
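
An added example, not part of the original post or the vendor FAQ: a Python check that reads a Tomcat-style server.xml and reports which entries in a Connector's ciphers attribute are RC4, anonymous, NULL or export suites, what is left once they are removed, and whether HTTP compression (which BREACH depends on) is switched on. The sample XML is constructed around the cipher list quoted in the post; the port, the compression="on" setting and the function name audit_connectors are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the cipher list quoted in the post inside a Tomcat-style
# Connector. Port and compression="on" are assumptions made for the example.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             compression="on"
             ciphers="SSL_RSA_WITH_RC4_128_MD5,
                      SSL_RSA_WITH_RC4_128_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA,
                      TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>
</Service></Server>"""

# Substrings of JSSE suite names that mark RC4, anonymous, NULL and export suites.
WEAK_MARKERS = ("_RC4_", "_anon_", "_NULL_", "_EXPORT_")

def audit_connectors(server_xml):
    """Return one finding per Connector that carries a ciphers attribute."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue  # no explicit cipher list configured on this connector
        # Attribute values may span lines; split on commas and trim whitespace.
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        weak = [s for s in suites if any(m in s for m in WEAK_MARKERS)]
        remaining = [s for s in suites if s not in weak]
        # An SCSV entry is a signalling value, not a cipher: if nothing else
        # is left after removing weak suites, no handshake can succeed.
        usable = [s for s in remaining if not s.endswith("_SCSV")]
        findings.append({
            "port": conn.get("port"),
            "weak": weak,
            "remaining": remaining,
            "usable_left": len(usable),
            # BREACH needs compressed HTTP responses; Tomcat's default is "off".
            "http_compression": conn.get("compression", "off").lower() != "off",
        })
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A usable_left of 0 means the list would contain no real cipher suite once the weak entries are dropped, so stronger suites have to be added before the RC4 ones are removed.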
