Just wanted to update that there indeed still is support for forward secrecy for some browsers, but not for all that would support it,
that's why the ssllabs report isn't "green" regarding forward secrecy (which it used to be earlier iirc => maybe they've made the test stricter).
Any input on this would be highly appreciated as we as customers who host on app engine can't do anything about it (improve the situation) from what I understand.