DNS Certification Authority Authorization (CAA) Policy / DNSSEC for whonix.org / ssllabs.com test results / OCSP ERROR: Exception: connect timed out [http://r3.o.lencr.org] / Must-Staple

After reading lots on the topic, I cannot find any authoritative/expert recommendations that recommend/urge making sure that ssllabs shows 100% Key Exchange and 100% Cipher Strength instead of “only 90%” on top of an existing A+ rating. On the contrary, most are discouraging it.

The security gain is disputed and cannot be quantified; the change worsens compatibility and isn’t common security practice. Even websites that deal with millions or even billions of USD in value, such as banks and crypto exchanges, don’t go for this. Nor do any security-focused operating systems.

Since Whonix isn’t a web application project, bank or crypto exchange I’ve decided not to attempt to be special here.

In the wider context, it doesn’t seem any threat model would be addressed here.

Further research, discussion and implementation could take many more hours, and those hours don’t seem appropriately allocated in the context of other tasks.

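To make the “90%” concrete, here is an added example (not code from the Whonix project or from Qualys SSL Labs) that re-implements the two sub-scores from the published SSL Labs Server Rating Guide and runs them over two constructed suite lists: a typical modern A+ configuration and the stripped-down list that is left once everything below 100% is removed. The cipher-strength and key-exchange threshold tables follow the guide; the mapping of named-curve sizes to RSA/DH-equivalent strength and the rule that the weakest key exchange offered determines that sub-score are assumptions of this example, as are the suite names, the `Suite`/`Client` types and the two client profiles.

```python
"""Added example: SSL Labs-style cipher-strength and key-exchange scoring.

Not Whonix or SSL Labs code. Thresholds follow the SSL Labs Server Rating
Guide; the curve-size equivalence and "weakest key exchange wins" rule are
assumptions made for this illustration.
"""

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Suite:
    name: str         # constructed label, not a real server's output
    kex: str          # "ECDHE", "DHE" or "RSA"
    kex_bits: int     # curve size for ECDHE, group size for DHE, key size for RSA
    cipher_bits: int  # symmetric key size of the bulk cipher


# Assumption: curve sizes are mapped to the conventional RSA/DH-equivalent
# strengths (x25519/P-256 ~ 3072 bits, P-384 ~ 7680 bits, P-521 ~ 15360 bits).
CURVE_TO_FFC_BITS = {255: 3072, 256: 3072, 384: 7680, 521: 15360}


def cipher_strength_score(bits: int) -> int:
    """Rating-guide table: 0 bits -> 0, <128 -> 20, <256 -> 80, >=256 -> 100."""
    if bits <= 0:
        return 0
    if bits < 128:
        return 20
    if bits < 256:
        return 80
    return 100


def key_exchange_score(kex: str, bits: int) -> int:
    """Rating-guide table applied to the RSA/DH-equivalent strength."""
    if kex == "ECDHE":
        bits = CURVE_TO_FFC_BITS.get(bits, 0)
    if bits < 512:
        return 20
    if bits < 1024:
        return 40
    if bits < 2048:
        return 80
    if bits < 4096:
        return 90
    return 100


def score(suites: Iterable[Suite]) -> dict:
    """Cipher strength: average of strongest and weakest suite (per the guide).
    Key exchange: weakest mechanism offered (assumption about aggregation)."""
    suites = list(suites)
    cipher_scores = [cipher_strength_score(s.cipher_bits) for s in suites]
    kex_scores = [key_exchange_score(s.kex, s.kex_bits) for s in suites]
    return {
        "cipher_strength": (max(cipher_scores) + min(cipher_scores)) // 2,
        "key_exchange": min(kex_scores),
    }


def required_for_100(suites: Iterable[Suite]) -> list:
    """Suites that must be dropped before both sub-scores can reach 100%."""
    return [s.name for s in suites
            if cipher_strength_score(s.cipher_bits) < 100
            or key_exchange_score(s.kex, s.kex_bits) < 100]


# Constructed suite lists. COMMON is a typical modern A+ configuration;
# STRICT is what survives when only 100%-scoring suites are kept.
COMMON = [
    Suite("TLS_AES_256_GCM_SHA384 / x25519", "ECDHE", 255, 256),
    Suite("TLS_CHACHA20_POLY1305_SHA256 / x25519", "ECDHE", 255, 256),
    Suite("TLS_AES_128_GCM_SHA256 / x25519", "ECDHE", 255, 128),
    Suite("ECDHE-RSA-AES256-GCM-SHA384 / P-256", "ECDHE", 256, 256),
    Suite("ECDHE-RSA-AES128-GCM-SHA256 / P-256", "ECDHE", 256, 128),
]
STRICT = [
    Suite("TLS_AES_256_GCM_SHA384 / P-384", "ECDHE", 384, 256),
    Suite("ECDHE-RSA-AES256-GCM-SHA384 / P-384", "ECDHE", 384, 256),
]


@dataclass(frozen=True)
class Client:
    name: str
    curves: frozenset       # curve sizes the client can negotiate
    cipher_bits: frozenset  # bulk-cipher key sizes it supports


# Constructed, hypothetical client profiles (not measured data).
CLIENTS = [
    Client("modern browser", frozenset({255, 256, 384}), frozenset({128, 256})),
    Client("small embedded client", frozenset({256}), frozenset({128})),
]


def clients_locked_out(suites: Iterable[Suite], clients: Iterable[Client]) -> list:
    """Clients that share no (curve, cipher) pair with the server's list."""
    offered = {(s.kex_bits, s.cipher_bits) for s in suites}
    return [c.name for c in clients
            if not any((k, b) in offered for k in c.curves for b in c.cipher_bits)]


if __name__ == "__main__":
    for label, suites in (("common", COMMON), ("strict", STRICT)):
        print(label, score(suites), "locked out:", clients_locked_out(suites, CLIENTS))
    print("drop for 100/100:", required_for_100(COMMON))
```

Running it shows the shape of the trade-off the post describes: the common list scores 90/90 because AES-128 pulls the cipher average down and x25519/P-256 sit in the 2048–4095-bit-equivalent band, while the strict list scores 100/100 only after dropping every P-256/x25519 and AES-128 suite, at which point the constructed embedded client can no longer negotiate a connection at all.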