HCX - SSL/TLS services running on TCP port 9443 flagged for DH 1024 key-size

Article ID: 321590

Products

VMware HCX

Issue/Introduction

HCX Manager runs its "Admin" services over TCP port 9443 (SSL/TLS). Modern security scanners such as Qualys may flag this service for accepting an older key-exchange setting, namely finite-field Diffie-Hellman (DHE) groups with a 1024-bit key size.

Resolution

HCX Manager Admin services on TCP port 9443 (SSL/TLS) still allow Diffie-Hellman groups with a 1024-bit key size.
However, HCX Manager primarily negotiates Elliptic-curve Diffie-Hellman (ECDH) groups for both the Admin and Hybridity services.
This can be verified with the "openssl s_client" command, executed on the HCX Connector or Cloud Manager, as shown below:

openssl s_client -connect <HCX-MANAGER-IP or FQDN>:9443 -msg | grep Server
<SNIPPED>
Server certificate
Server Temp Key: ECDH, P-256, 256 bits
Server public key is 2048 bit

Note: ECDH over a 256-bit curve (P-256) provides 128 bits of security, whereas DHE with a 2048-bit group provides only 112 bits of security, and DHE with a 1024-bit group provides only about 80 bits.

IMPORTANT: HCX Manager Hybridity services over TCP port 443 (SSL/TLS) do NOT allow Diffie-Hellman groups with a 1024-bit key size.
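The "openssl s_client" check above only shows the key exchange the server prefers. To see the DH group size the server falls back to when a client offers only finite-field DHE ciphers (which is what a scanner exercises when it flags the 1024-bit group), the following script, added here as an example and not part of the KB article or of the HCX product, runs two handshakes per port and classifies the "Server Temp Key:" line of each. It assumes OpenSSL 1.1.1 or later in PATH (for the "Server Temp Key:" output format and the -cipher/-tls1_2 options), and it maps key sizes to security bits using the NIST SP 800-57 Part 1 equivalences (ECDH: half the curve size; DH 1024 = 80, 2048 = 112, 3072 = 128 bits). The host and port arguments are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the KB article): classify the ephemeral key exchange an
# SSL/TLS port negotiates and probe whether it falls back to a weak DHE group.

# Read "openssl s_client" output on stdin and print: ALG BITS SECURITY-BITS VERDICT
# VERDICT is OK when the exchange gives >= 112 bits of security, otherwise WEAK.
classify_temp_key() {
  local line alg bits sec verdict
  line=$(grep -m1 'Server Temp Key:' || true)
  if [ -z "$line" ]; then
    # No ephemeral key: either a static (RSA) key exchange or a failed handshake.
    echo "NONE 0 0 NO-EPHEMERAL-KEY"
    return 0
  fi
  # e.g. "Server Temp Key: ECDH, P-256, 256 bits" -> "ECDH, P-256, 256 bits"
  line=${line#*Server Temp Key: }
  alg=${line%%,*}
  bits=$(printf '%s\n' "$line" | sed -n 's/.*[, ]\([0-9][0-9]*\) bits.*/\1/p')
  bits=${bits:-0}
  case "$alg" in
    ECDH|X25519|X448)
      # Elliptic-curve groups: security level is roughly half the field size.
      sec=$((bits / 2)) ;;
    DH)
      # Finite-field groups, per NIST SP 800-57 Part 1 (assumed mapping).
      if   [ "$bits" -lt 2048 ];  then sec=80
      elif [ "$bits" -lt 3072 ];  then sec=112
      elif [ "$bits" -lt 7680 ];  then sec=128
      elif [ "$bits" -lt 15360 ]; then sec=192
      else sec=256; fi ;;
    *) sec=0 ;;
  esac
  if [ "$sec" -ge 112 ]; then verdict=OK; else verdict=WEAK; fi
  echo "$alg $bits $sec $verdict"
}

# Probe one port twice: first with OpenSSL's default cipher list (what the server
# prefers), then with finite-field DHE only on TLS 1.2, which forces the server to
# reveal the DH group size it is willing to use when no ECDHE cipher is offered.
probe_port() {
  local host=$1 port=$2
  echo "== $host:$port, default negotiation =="
  openssl s_client -connect "$host:$port" -servername "$host" \
    </dev/null 2>/dev/null | classify_temp_key
  echo "== $host:$port, DHE-only ciphers on TLS 1.2 =="
  openssl s_client -connect "$host:$port" -servername "$host" -tls1_2 \
    -cipher 'DHE:!ECDHE' </dev/null 2>/dev/null | classify_temp_key
}

if [ $# -ge 1 ]; then
  # Usage: ./dhcheck.sh <HCX-MANAGER-IP-or-FQDN> [port]   (port defaults to 9443)
  probe_port "$1" "${2:-9443}"
else
  # No host given: classify constructed sample lines (not real captures).
  printf 'Server Temp Key: ECDH, P-256, 256 bits\n' | classify_temp_key
  printf 'Server Temp Key: DH, 1024 bits\n' | classify_temp_key
fi
```

Run it once against port 9443 and once against port 443 of the same HCX Manager. A "DH 1024 80 WEAK" result in the DHE-only handshake reproduces the scanner finding; "NONE 0 0 NO-EPHEMERAL-KEY" for that handshake means the server refused to negotiate finite-field DHE at all, which is the expected outcome for the Hybridity services on port 443.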