just noticed the detection for "client-initiated renegotiation disabled" is incomplete.
I assume you're sending a hello request?
Better would be to send a Client Hello and watch out for a corresponding Server Hello.
Thats the way the "thc-ssl-dos"-tool from http://www.thc.org brings down servers.
People who believe their server is "secure" because of this rating might be vulnerable
against an attack using the mentioned tool.
BTW: *.google.com behaves wrong on TLS1.2 using ECDHE_RSA_* ciphers. The
hashes inside the signatures they calculate are anything but not the expected ones.
Short comment from my side can be found here: