fyr , maybe this new RFC should be added to SSL LABS scoring considerations.
Here a small summary of:
"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"
- Ciphers with key length below 112bit (so e.g 56)
- Null Encrypt
- Ciphers with key length below 128bit (especially 3DES cause effective length is like 112bit not 168bit)
- Static RSA
- Forward Security
- minimum 2048bit DH Key exchange