DNS Certification Authority Authorization (CAA) Policy / DNSSEC for whonix.org / ssllabs.com test results / OCSP ERROR: Exception: connect timed out [http://r3.o.lencr.org] / Must-Staple

Side note:

DHE suites not supported: This server doesn’t support the Diffie-Hellman (DH) key exchange.

Since our certificate is based on ECDSA (not RSA), we don't need DHE for PFS.

Although this OWASP cheat sheet says to use DHE, it doesn't point out whether you are using ECDSA vs RSA. Thus using ffdhe8192 (or lower variants) is only for backward compatibility where devices don't support elliptic curve and rely on DHE (which is something against the principle of keeping it safe and updated) for the connection.

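The argument above (a server with an ECDSA certificate can only negotiate ECDHE-ECDSA and TLS 1.3 suites, all of which are forward-secret, so the "DHE suites not supported" note is irrelevant to it, while an RSA certificate is where static-RSA and DHE suites come into play) can be checked mechanically. The following Python script is an added example, not code from this forum thread or from the Whonix project. It assumes the dict shape that CPython's `ssl.SSLContext.get_ciphers()` returns (`name`, `protocol`, `kea`, `auth`, with values such as `kx-ecdhe` and `auth-ecdsa`); the `SAMPLE_CIPHERS` list is constructed for the demo and is not any real server's configuration, and the helper names (`usable_with_cert`, `non_forward_secret`, `openssl_cipher_string`) are hypothetical.

```python
"""Which TLS suites can a server with an ECDSA (or RSA) certificate actually
negotiate, and do all of them provide forward secrecy?

Added example, not code from the forum thread or from Whonix. The records
below follow the dict shape CPython's ssl.SSLContext.get_ciphers() returns
(keys 'name', 'protocol', 'kea', 'auth'); the sample list is constructed
for the demo and is not a real server's configuration.
"""
import ssl

# Constructed sample, mimicking SSLContext.get_ciphers() output.
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3",
     "kea": "kx-any", "auth": "auth-any"},
    {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "auth": "auth-ecdsa"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "auth": "auth-rsa"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-dhe", "auth": "auth-rsa"},
    # Static RSA key transport: the session key is encrypted to the cert key,
    # so a later key compromise decrypts recorded traffic (no forward secrecy).
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "kea": "kx-rsa", "auth": "auth-rsa"},
]

# Key-exchange kinds that derive a fresh ephemeral secret per connection.
# TLS 1.3 reports 'kx-any' because every TLS 1.3 handshake is (EC)DHE.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def usable_with_cert(cipher, cert_key_type):
    """True if a server holding a certificate of cert_key_type ('ecdsa' or
    'rsa') can negotiate this suite: the suite's authentication must match
    the certificate key, and static RSA key transport needs an RSA key."""
    auth = cipher["auth"]
    if auth == "auth-any":            # TLS 1.3: signature scheme is negotiated
        return True
    if cipher["kea"] == "kx-rsa":     # RSA key transport needs an RSA key
        return cert_key_type == "rsa"
    return auth == "auth-" + cert_key_type


def usable_suites(ciphers, cert_key_type):
    """Names of the suites the certificate can actually be used with."""
    return [c["name"] for c in ciphers if usable_with_cert(c, cert_key_type)]


def non_forward_secret(ciphers, cert_key_type):
    """Usable suites that do NOT give forward secrecy; this should be empty."""
    return [c["name"] for c in ciphers
            if usable_with_cert(c, cert_key_type)
            and c["kea"] not in FORWARD_SECRET_KEA]


def openssl_cipher_string(ciphers, cert_key_type, allow_dhe=False):
    """Build a TLS 1.2 cipher list for SSLContext.set_ciphers(): only
    forward-secret suites the certificate can use. Finite-field DHE suites
    are added only with allow_dhe=True (legacy clients without ECDHE).
    TLS 1.3 suites are not configured through set_ciphers, so they are
    skipped here."""
    keep = []
    for c in ciphers:
        if c["protocol"] == "TLSv1.3" or not usable_with_cert(c, cert_key_type):
            continue
        if c["kea"] == "kx-ecdhe" or (allow_dhe and c["kea"] == "kx-dhe"):
            keep.append(c["name"])
    return ":".join(keep)


def cipher_string_is_accepted(cipher_string):
    """Check a cipher string against the local OpenSSL build: set_ciphers
    raises ssl.SSLError when no suite matches."""
    ctx = ssl.create_default_context()
    try:
        ctx.set_ciphers(cipher_string)
        return True
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    for key_type in ("ecdsa", "rsa"):
        print(key_type, "usable:", usable_suites(SAMPLE_CIPHERS, key_type))
        print(key_type, "without PFS:", non_forward_secret(SAMPLE_CIPHERS, key_type))
        print(key_type, "set_ciphers():", openssl_cipher_string(SAMPLE_CIPHERS, key_type))
    # The same checks against what this machine's OpenSSL actually offers.
    local = ssl.create_default_context().get_ciphers()
    print("local OpenSSL, ECDSA cert, suites without PFS:",
          non_forward_secret(local, "ecdsa"))
```

With the sample list, the ECDSA certificate is left with only the TLS 1.3 suite and ECDHE-ECDSA, both forward-secret, so no DHE suite is needed or even negotiable; the RSA certificate is where the static-RSA suite (no PFS) shows up and where `allow_dhe=True` would re-enable DHE-RSA for legacy clients at the cost of the ffdhe parameter handling the post mentions.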