Synology DSM 4.1 is vulnerable to BEAST and the Lucky Thirteen attacks out of the box. Switching to RC4 ciphers makes these attacks, and any other future CBC-targeting attacks, not work.
To fix this these 2 files need to be updated:
/usr/syno/apache/conf/extra/httpd-alt-port-ssl-setting.conf /usr/syno/apache/conf/extra/httpd-ssl.conf-common
Update them such that the line starting with SSLCipherSuite
is replaced with these two lines:
SSLHonorCipherOrder On