The version provided by CentOS does not support Forward Secrecy for SSL or TLS 1.2.
Version 2.2.24+ of upstream Apache includes patches which enable both Forward Secrecy and TLS 1.2. Now that C6's OpenSSL can also support both TLS 1.2, and Forward Secrecy, upgrading Apache slightly to be able to use both of those is a very viable option.
I have a CentOS 6 machine running CentOS provided apache, openssl, and mod_ssl which implements TLS 1.2 and Forward Secrecy and is rated A+ by the SSL Server test at ssllabs.com. In regards to Forward Secrecy it is color coded green and says "Yes (with most browsers) ROBUST (more info)"
Barry _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos