In API Gateway 9.3 by default, less strong key exchange on ports 2124/TCP, 8443/TCP, 9443/TCP is used, such as following:
the key size (DH parameter) in the Diffie-Hellman key exchange method is set to 1024 bits or less.
As for PCIDSS requirement, it is recommended to set 2048 bits or more for the DH parameter.
How do you change the key size?
Here is an example command to see the key size of DH parameter.
API Gateway 9.3
By Manage Listen Ports properties in Policy Manager, SSL/TLS Settings tab has a check box of 'Enabled TLS Versions'.
After disabling TLS 1.0 and enabling TLS 1.2, the key size of DH parameter is changed to 2048 bits length.