Recent F5 firmware supports 4096-bit RSA keys, which will boost www.f5.com on key exchange to 100%, at some slight performance cost.
Not sure if this is rational, as it does have performance hit, and significant attacks against 2048 RSA keys would probably be better aimed at the CAs keys. Although arguably it still protects actual traffic better, making it harder to decrypted archived messages, so we went with the longest keys supported.
I've put in the first proposal for using HPKP to avoid relying on these security lightweights like the CAs ;)