In the usual "we need to upgrade lenny/carl" boat, but just to record another thing that'd be good: more recent versions of openssl than we're running on the loadbalancers support the ECDHE cipher suites, which as ephemeral provide forward secrecy, and as elliptic curve suites are nicer to our server in the process than DHE (and which are supported by a few more browsers, to boot – the DHE ones we have enabled already aren't used by (at least) IE10, according to the Qualys SSL test service).