There is an incompatibility between sslyze 6.2.0 and nassl 5.3.0, causing false positives.

sslyze 6.2.0 requires nassl >5.3.0 and <6. Version 5.3.1 resolves this issue, but is not available in kali rolling yet.
This incompatibility causes findings if a server supports the TLS curve secp256r1 / prime256v1 / NIST P-256 is supported.

Version 5.3.0 erroneously returns secp256r1 as "PRIME256V1", which is fixed in 5.3.1 at commit c8abd1917c25f1a0ec40e88cd99519b641f79ec4. See https://github.com/nabla-c0d3/nassl/commit/c8abd1917c25f1a0ec40e88cd99519b641f79ec4.

This causes detected instances of support for secp256r1 to not be mapped correctly to the mozilla standards and results in an output claiming that this curve shall be deactivated as it is not part of those standards, which is incorrect.
To work around this, a local installation of sslyze in a virtual environment does ensure correct dependencies, but it would be great to also have this change upstream.

Attached are different outputs scanning the same host. Due to the incorrect value for secp256r1 as prime256v1, it is treated as a non-supported curve. The correct output notes that only secp521r1 should be rejected.
This is not a bug in sslyze itself and purely relies on its required dependency not being available in the kali repository.

Pushing nassl 5.3.1 upstream would fix this bug.