Acho que a resposta no final não é realmente, sem um certificado ECDSA.
In order to escape catch-22, consider Chrome "modern cryptography" for traditional DHE a security theater, since it doesn't show DH size (ironically, even Internet Explorer does). The current stable Chrome shows "modern" on https://dh768.serverhello.com but Chrome 45 will fail with Server has a weak ephemeral Diffie-Hellman public key message (ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY)
Now the real answer: obtain ECDSA certificate. Many Microsoft IIS problems disappear automatically, including Chrome cryptography treatment.