Unfortunately using stock debs prevents me from (easily) upgrading any perl module, including IO::Socket::SSL. However, after a bit of research I decided to edit Mojo/IOLoop/Server.pm and tweak how Mojo invokes IO::Socket::SSL. The change is below, and it's not a great solution but I am trying to optimize here and not fix an actual bug. The worst thing that can happen is that a new version of Mojo is released for Ubuntu 14.04 LTS and I lose this optimization. With this change my ssllabs score went from a B to an A-. I WOULD have to upgrade my version of IO::Socket::SSL to get any higher at this point.
SSL_version => 'SSLv23:!SSLv3:!SSLv2',
SSL_cipher_list => 'ALL:!LOW:!EXP:!aNULL:!RC4',
Just to be clear, if you are using cpan or something like that to use the latest version of everything I'm sure that you are already covered and you can ignore this thread. I have just made the decision to A) ensure my development and production environments are always identical, B) schedule all my conversion effort, risk, and pain for when a new version of Ubuntu LTS comes out, and C) not be rushed to roll out those changes until they are well tested.
James