Just out of curiosity, why are you proposing that AES 128 is the one to go with? According to SSL Labs AES 256 is preferable and has broad support among browsers.
AES_128_GCM is much much preferable to AES_256_CBC. AES_256_GCM does not have broad support (not supported by Chrome or Firefox) and isn't really worth the performance tradeoff.
SSL Labs is judging what they consider absolute security (I assume - I can't speak for Ivan or Qualys), where Google/Mozilla/etc look heavily at performance and supportability.
Mozilla publishes their approach to what is 'best' here:
https://wiki.mozilla.org/Security/Server_Side_TLS
https://code.google.com/p/chromium/issues/detail?id=442572