matrix-construct / construct

This is The Construct

This server does not support Forward Secrecy with the reference browsers. Grade capped to B. #21

Open yangm97 opened 5 years ago

yangm97 commented 5 years ago

Forward secrecy (sometimes also called perfect forward secrecy) is a protocol feature that enables secure conversations that are not dependent on the server’s private key. With cipher suites that do not provide forward secrecy, someone who can recover a server’s private key can decrypt all earlier recorded encrypted conversations. You need to support and prefer ECDHE suites in order to enable forward secrecy with modern web browsers. To support a wider range of clients, you should also use DHE suites as fallback after ECDHE. Avoid the RSA key exchange unless absolutely necessary. My proposed default configuration in Section 2.3 contains only suites that provide forward secrecy.

https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#25-use-forward-secrecy

jevolk commented 5 years ago

I've automated ecdh parameters as the default when nothing is supplied in the listener's configuration. I'm disappointed this is not done by boost::asio::ssl.

Still, I show trouble with

IE 11 / Win Phone 8.1  R | RSA 2048 (SHA256) | TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256  No FS

I'm not sure why that is downgrading to a non-FS cipher.
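An added example, not part of the thread or of the project's code: a small model of server-preference suite selection showing how a listener that still lists an RSA key-exchange suite can land on it for one client, and what happens once that suite is removed. The server and client lists are constructed for illustration; the client list is not the real offer of IE 11 / Win Phone 8.1 and does not explain that result.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

using Suites = std::vector<std::string>;

// Classify an IANA suite name by key exchange. Only ephemeral (EC)DHE gives
// forward secrecy; TLS_RSA_*, static TLS_DH_* and TLS_ECDH_* do not.
bool forward_secret(const std::string& suite) {
    auto starts = [&](const char* p) { return suite.rfind(p, 0) == 0; };
    if (starts("TLS_ECDHE_") || starts("TLS_DHE_")) return true;
    // TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no "_WITH_" and always use (EC)DHE.
    return starts("TLS_") && suite.find("_WITH_") == std::string::npos;
}

// Server-preference selection: the first suite in the server's order that the
// client also offered. Returns "" when there is no overlap (handshake fails).
std::string negotiate(const Suites& server_pref, const Suites& client_offer) {
    for (const auto& s : server_pref)
        if (std::find(client_offer.begin(), client_offer.end(), s) != client_offer.end())
            return s;
    return "";
}

// Audit helper: suites in a server list that would permit a non-FS session.
Suites non_fs(const Suites& server_pref) {
    Suites out;
    for (const auto& s : server_pref)
        if (!forward_secret(s)) out.push_back(s);
    return out;
}

// Constructed sample data, not taken from the project or from any real client.
const Suites kServerMixed = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                             "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
                             "TLS_RSA_WITH_AES_128_CBC_SHA256"};
const Suites kServerFsOnly = {kServerMixed[0], kServerMixed[1]};
const Suites kClientNoOverlap = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                                 "TLS_RSA_WITH_AES_128_CBC_SHA256"};

int main() {
    for (const Suites* srv : {&kServerMixed, &kServerFsOnly}) {
        std::string got = negotiate(*srv, kClientNoOverlap);
        std::cout << (got.empty() ? "handshake failure" : got)
                  << (got.empty() || forward_secret(got) ? "" : "  No FS") << "\n";
    }
}
```

With the mixed list the constructed client ends up on the RSA suite; with the FS-only list it gets no handshake at all, which is the compatibility cost of dropping RSA key exchange.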