
All the more reason for someone who's on top of things to fix the defaults whenever they change.


While that would be nice, it doesn't fix the problem; that problem is:

If you are administering SSL enabled sites, you MUST keep track of latest security practices

Why is that? If you add a new server with different defaults, do you a) update all the other servers to the new defaults, or b) set the new server to your existing configuration?

Most server applications don't change defaults between minor versions because it leads to even worse problems, such as users not updating because their application breaks and keeping old bugs alive.



