Yes, your friend is wrong IMHO. By only using 256-bit ciphers, you’re forcing ciphers which aren’t implementing 256-bit GCM AES to use the CBC mode of operation, which is broken.
However, 100% on the Key Exchange is quite possible without breaking stuff, but I’d want to mention the issue with the whole “I must have 100%!!!11” thingy…
For 100% Key Exchange, add the following somewhere in your Apache configuration:
```
SSLOpenSSLConfCmd ECDHParameters Automatic
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1
```
I’m still not entirely sure the first one is needed, but with these two items, my Apache accepts all three ECC curves, so SSLLabs will grant you 100%.
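
The trade-off described in the first paragraph of the reply above, as an added example that is not part of the original post: it models TLS 1.2 suite selection for a mixed server list and the same list restricted to 256-bit suites. The suite names are OpenSSL's; the two client offer lists are constructed samples, and the model assumes the server's preference order is honoured.

```python
# Added illustration, not from the original post. Suite names are OpenSSL's
# TLS 1.2 names; the client offer lists below are constructed samples.

def key_bits(suite):
    """AES key size encoded in an OpenSSL suite name (0 if not AES)."""
    for bits in (256, 128):
        if f"AES{bits}" in suite:
            return bits
    return 0

def is_cbc(suite):
    """OpenSSL AES suite names without GCM or CCM denote CBC with HMAC."""
    return "AES" in suite and "GCM" not in suite and "CCM" not in suite

def negotiate(server_prefs, client_offer):
    """First server-preferred suite the client also offers (assumption:
    server preference order is honoured); None means handshake failure."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)

# Server policy that prefers AEAD suites and keeps CBC only as a fallback.
MIXED = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384",   # CBC
    "ECDHE-RSA-AES128-SHA256",   # CBC
]
# The "256-bit only" policy: the same list with every 128-bit suite dropped.
ONLY_256 = [s for s in MIXED if key_bits(s) == 256]

# Constructed client that has AES128-GCM but no AES256-GCM.
OLDER_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
                "ECDHE-RSA-AES128-SHA256"]
# Constructed client that offers everything in MIXED.
MODERN_CLIENT = list(MIXED)

def compare(client_offer):
    """Suite negotiated under each server policy for one client."""
    return {"mixed": negotiate(MIXED, client_offer),
            "only_256": negotiate(ONLY_256, client_offer)}

if __name__ == "__main__":
    for label, client in (("older", OLDER_CLIENT), ("modern", MODERN_CLIENT)):
        for policy, suite in compare(client).items():
            mode = "CBC" if suite and is_cbc(suite) else "AEAD"
            print(f"{label:6} {policy:8} -> {suite} ({mode})")
```
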