HF-DE371990-20180627-0001.tar.gpg for SSH
For port 8443, there is a https-listener-hardening file which can be edited and set to value of true which would force usage of TLS 1.2 instead. There is a separate file for each service under the /opt/CA/VirtualAppliance/custom folder.
For port 443, disabling TLSv1.0 is not supported in version 2.2.15 of httpd, which is the latest version released for CentOS 6 (which is the base of vApp 14.1 and 14.2). Fixing this issue is in our road map for future versions. In the meantime, we would advise a customer to limit network access to this port to admin workstations only.