They no longer have expired certificates, so that's not the problem.
Are they using self-signed certificates?
So, either the cause of invalid efnet certificates is not due solely to an obsolete cipher, or the new options box is not actually updating the ciphersuite used for the SSL connection.
You'll be pleased to know that it is :-]