- SSL Certificate - Self-Signed Certificate
- SSL Certificate - Invalid Maximum Validity Date Detected
These two would have to be taken care of by the customer providing their own certs
- Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security (TLSv1.0)
- Weak SSL/TLS Key Exchange
Yes, Changing to TLS1.2 will take care of these.
- HTTP Security Header Not Detected
I am not familiar with the scan tool used, and I am unsure why this message would be present as the IM solution should be currently protected by SSL by the customer.