It’s mainly due to the rather clever people at the NSA suggesting those dealing with Top Secret level encryption stick to longer DH/RSA keys rather than going to ECC.
Q: The commercial world appears to be moving to elliptic curves. Why is NSA continuing to support older algorithms?
A: NSA supports the use of NIST P-384 in NSS. In the original CNSSP-15 both RSA and Diffie-Hellman were included as legacy algorithms which were only to be used until replacement elliptic curve cryptography (ECC) equipment was available. Since that time NSA has come to appreciate that some of these legacy systems will be around for much longer than we had planned. Because of these legacy systems and because there is an eventual need to move to quantum resistant public key algorithms, NSA has decided that it may be more cost effective for some NSS to continue to use RSA and Diffie-Hellman with larger key sizes until the new quantum resistant public key algorithms are ready. NSA does not want to force NSS operators to pay for two cryptographic upgrades: first from RSA/Diffie-Hellman to ECC and then from ECC to quantum resistant cryptography.
It seems a rather odd way of putting it, but basically they’re saying longer DH/RSA is better than most ECC while waiting for post-quantum algorithms.