Unless you're worried about lack of GCM (and I guess you're not, given the next suite spec), you might as well make that highest-preference suite ECDHE-RSA-AES128-GCM-SHA256.