davidben:  I assume this is delated to the removal discussed in https://groups.google.com/a/chromium.org/forum/?utm_medium=email&utm_source=footer#!msg/net-dev/EE8XpDJytBs/XnZnCFiUAQAJ / https://bugs.chromium.org/p/chromium/issues/detail?id=658341

Yup. Why do you have "!EECDH+AESGCM" in your cipher config? You're going out of your way to disable the only ciphers in TLS which are not known to be broken.

@davidben Qualys SSL test suggested I do not use GCM ciphers, but it kept coming up in tests, so I tried to disable anything that they claimed was there and used GCM.

That's backwards. Did you perhaps misinterpret things? That's backwards. Remove "!EECH+AESGCM" from your cipher suite config. 

The AEAD-based ciphers (so GCM ciphers and CHACHA20_POLY1305 if you have a sufficiently new stack) are the only non-broken ones we've got. The others are being removed in TLS 1.3 and Qualys has announced here that, in 2017, AEAD-based ciphers will be necessary for an "A+" rating. (I'm disappointed they aren't required today since we've known for a while that TLS's CBC-mode ciphers are broken, but better late than never.)

https://blog.qualys.com/ssllabs/2016/11/16/announcing-ssl-labs-grading-changes-for-2017
https://tlswg.github.io/tls13-spec/#rfc.appendix.B.4

Going to go ahead and WontFix this (Not trying to discourage further discussion here, just don't want this bug to remain open once the discussion stops).