The SSL Server Rating Guide (version 8 December 2014) is a bit confusing to me.
In Table 4 (Key exchange rating guide) it says:
Key or DH parameter strength < 4096 bits (e.g., 2048) 90%
Key or DH parameter strength >= 4096 bits (e.g., 4096) 100%
I think the last line should read:
Key and DH parameter strength >= 4096 bits (e.g., 4096) 100%
Otherwise, the case where the key is 2048 bits and the DH parameter uses a 4096-bit key is not covered.
My certificate is 'RSA 2048 bits'. This is more than safe enough for the time being, but do I understand correctly that this will keep me from the 100% score even if I set the DHparams to use a 4096-bit key?