I use apache2 on a SLES box and have configured SSL via mod_nss (because the standard mod_ssl is not able to provide TLS 1.1/1.2 due an old and not up-gradable openssl <1.0 package in SLES).
How do I enable Forward Secrecy (FS) with such a setup? The guides that are available are mostly based on mod_ssl. I tried to follow instructions at https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy and enabled the ECDHE ciphers that are mentioned there, but according to https://www.ssllabs.com/ssltest/ this did not have any effect. I especially miss an analog to SSLHonorCipherOrder in mod_nss.
Is there a mod_nss specific guide anywhere, or is anyone who managed to set this up willing to share the config?