Making SSL tests all pass for Phoenix + Let's Encrypt

Thank you, everybody. After spending some time testing and trying to fulfill every single one of the items in the SSL tests, I have

  • Used the version of Ranch, 1.3.1, which was just pushed to Hex.
  • That did the trick; the params (in the :atom format) are now recognized.
  • (I did not include the honor_ecc_order param, as it might be unnecessary.)
  • Added an additional client_renegotiation: false param, as without this the HtBridge test score is capped lower.

Now I get an A+ on the HtBridge SSL test, and

am capped to A- on the SSL Labs test, because “The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.”

  • Without knowing what the “reference browsers” need (or, in fact, what they even are), I don’t think I can improve on this Forward Secrecy thing (it might not be necessary, either).
  • HtBridge indicates “SERVER DOES NOT SUPPORT OCSP STAPLING”, which it flags as “Non-compliant with HIPAA guidance”, but I think this is about the webserver implementation.

All in all, an immensely gratifying result from the built-in default webserver of Phoenix alone. I guess that might be good enough for me, and anyone else who might like to repeat this result can use the config params mentioned…

(If one wants to fulfil everything, then perhaps Phoenix needs to be run behind nginx with its well-known params configured, but this option didn’t appeal to me (for now).)

I am so impressed by and grateful for the help given by this community… one of the best tech communities I’ve ever joined so far. :grinning:

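For anyone who wants to repeat the result above, this is what such an endpoint configuration looks like in Elixir. It is an added example written for this page, not the poster's actual config and not Phoenix's defaults. It assumes Phoenix on Cowboy 1.x with Ranch 1.3.1 (as in the post), so the Erlang :ssl options below are passed through as atom keys; the app and endpoint names, hostname, Let's Encrypt paths, TLS version list, cipher list and curve list are all assumptions chosen for illustration.

```elixir
# config/prod.exs -- added example, not from the original post.
# Assumes Phoenix on Cowboy 1.x / Ranch >= 1.3.1 (Erlang :ssl options as atoms)
# and an RSA certificate issued by Let's Encrypt. Names and paths are placeholders.
use Mix.Config

config :my_app, MyApp.Endpoint,
  # Plain HTTP listener only exists to be redirected; force_ssl does the redirect
  # and sends Strict-Transport-Security.
  http: [port: 80],
  url: [host: "example.com", port: 443],
  force_ssl: [hsts: true],
  https: [
    port: 443,
    otp_app: :my_app,
    # Let's Encrypt layout: privkey.pem / cert.pem / chain.pem (assumed path).
    keyfile: "/etc/letsencrypt/live/example.com/privkey.pem",
    certfile: "/etc/letsencrypt/live/example.com/cert.pem",
    cacertfile: "/etc/letsencrypt/live/example.com/chain.pem",

    # Offer TLS 1.2 only (assumption: no legacy clients to support).
    versions: [:"tlsv1.2"],

    # Let the server's ordering win, so an ECDHE suite (forward secrecy) is
    # chosen whenever the client offers one, instead of the client's first choice.
    honor_cipher_order: true,

    # OpenSSL-style suite names as charlists, which Erlang's :ssl accepts.
    # ECDHE only: every suite here does an ephemeral ECDH key exchange.
    # With an RSA Let's Encrypt cert only the ECDHE-RSA entries will be selected;
    # the ECDSA ones are harmless and cover a future ECDSA certificate.
    ciphers: [
      'ECDHE-ECDSA-AES256-GCM-SHA384',
      'ECDHE-RSA-AES256-GCM-SHA384',
      'ECDHE-ECDSA-AES128-GCM-SHA256',
      'ECDHE-RSA-AES128-GCM-SHA256',
      'ECDHE-ECDSA-AES256-SHA384',
      'ECDHE-RSA-AES256-SHA384',
      'ECDHE-ECDSA-AES128-SHA256',
      'ECDHE-RSA-AES128-SHA256'
    ],

    # Curves for the ECDHE exchange, most preferred first (OTP 19.2+ only).
    eccs: [:secp256r1, :secp384r1],
    honor_ecc_order: true,

    # The option the post credits for the HtBridge score: refuse renegotiation
    # initiated by the client.
    client_renegotiation: false,
    # Only allow renegotiation that uses the RFC 5746 secure extension.
    secure_renegotiate: true
  ]
```

The two options that matter for the grades discussed in the post are `honor_cipher_order: true` together with an ECDHE-only cipher list (that is how a server-side preference for forward-secret suites is expressed to Erlang's :ssl) and `client_renegotiation: false`. `eccs` and `honor_ecc_order` were added in OTP 19.2; drop those two lines on an older release or the listener will fail to start. Nothing here changes the OCSP stapling finding, which is a property of the TLS implementation rather than of these options.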