Vulnerabilities on port 443 and 20200 with the listed ciphers that need to be remediated:
You can customize the ciphers for TLS 1.2 and port 20200/tcp that you allow on the SpanVA, to do this you need to:
For port 443/tcp, customization is not currently allowed. However, SHA-1 is used in the context of MAC generation, and is still allowed by NIST, due to its security strength being greater than 112 bits (it is 128 bits for HMAC-SHA1). Also, the transition away from SHA-1 is set for Dec 31, 2030 as per NIST's latest announcement: NIST transitioning away from SHA-1 for all apps