Strong encryption is strong. Weak encryption is weak.
*All* SSL is extremely weak, on the borderline of snake oil.
Anyone who can MITM a HTTP request coming from almost any public CA to the target domain in question can obtain a valid certificate. The only thing SSL provides meaningful protection against is MITM who are near the end user (e.g. their ISP or open hotspot, etc).
I haven't looked into detail of the above report, but generally you need to be careful with these auditing tools, because they often ding fairly harmless settings differences which are
necessary for compatibility with older browsers and which don't make a practical difference for security. Sometimes following them too aggressively can actually lower the security in practice by forcing some users off HTTPS.
Given the generally low security of HTTPS, stuff like 4096 bit RSA vs 2048 bit is mostly security theatre. Sure, why not, google doesn't ding sites as much anymore for having a slower connection due to HTTPS. ... but it's not something that is worth basically any attention.
