I've recently used the Qualys SSL Reports to check certificates on our 2 ASAs configured with SSL VPNs. They are the same HW platform Cisco 5525 and run the same SW 9.4(2)11. The SSL settings are the same as far as I can see. Now one of them comes up with "Secure Renegotiation not supported" and "The server does not support Forward Secrecy with the reference browsers" and the other one passes these tests OK.
Both devices have Group Policy/advanced/AnyConnect Client/Key regeneration/renegotiation Method = none
Can anybody point me in the right direction where I could fond out what goes on here.