It's probably your apache, actually; 2.2 can't do ECDHE, even though the openssl in Debian 7 can.

Sadly, this means IE doesn't get forward secrecy, because it can't do do DHE with RSA keys, only DSS.