> The version provided by CentOS does not support Forward Secrecy for SSL > or TLS 1.2. > Version 2.2.24+ of upstream Apache includes patches which enable both > Forward Secrecy and TLS 1.2. > > Now that C6's OpenSSL can also support both TLS 1.2, and Forward > Secrecy, upgrading Apache slightly to be able to use both of those is a > very viable option. I have a CentOS 6 machine running CentOS provided apache, openssl, and mod_ssl which implements TLS 1.2 and Forward Secrecy and is rated A+ by the SSL Server test at ssllabs.com. In regards to Forward Secrecy it is color coded green and says "Yes (with most browsers) ROBUST (more info)" Barry