The SSLLabs.com test will provide ratings based on the Keys strength as noted below. I will provide a cipher suite that supports Perfect Forward Secrecy (FS) for Elliptical Curves and RSA in the best possible order. Currently they include legacy ones that are considered safe for your consideration based on your need and environment.
0 bits (no encryption) 0%
< 128 bits (e.g., 40, 56) 20%
< 256 bits (e.g., 128, 168) 80% <---we will score a 90-95% Removing 128 bit ciphers would drop support for too many people!
>= 256 bits (e.g., 256) 100%
ECC can use smaller key sizes while offering comparable cryptographic strength.
|Symmetric Key length (bit)||RSA Key length (bit)||ECC Key length (bit)||Ratio ECC/RSA Key||RSA Certificate Size||ECC Certificate Size||Ratio ECC/RSA Certificate|
|80||1024||160||5x smaller||2048||192||10x smaller|
|112||2048||224||9x smaller||4096||224||18x smaller|
|128||3072||256||12x smaller||7680||256||23x smaller|
|192||7680||384||20x smaller||15360||384||39x smaller|
|256||15360||521||29x smaller||30720||512||57x smaller|