A security scanner reports that the legacy SSL/TLS protocol versions SSLv2, SSLv3, TLS 1.0 and TLS 1.1 (scanner labels ssl2, ssl3, tls1, tls1_1) are enabled on port 5489.
The vami-sfcb service (process vami-sfcbd, the CIM broker used by VAMI) was previously used for upgrades in SRM and vSphere Replication (VR) 8.6/8.7. Per the appliance IPTABLES rules it is enabled only on tcp6 and blocked on tcp (IPv4).
This issue is resolved in SRM/VR 8.8.0.3, which no longer uses vami-sfcb.
To confirm whether the listener is active on the appliance, run the following:
"netstat -anp | grep 548"
Example output:
tcp 0 0 10.176.XX.XX:51548 10.176.XX.XX:443 ESTABLISHED 2133/vmware-dr
tcp6 0 0 :::5488 :::* LISTEN 1401/vami-sfcbd
tcp6 0 0 :::5489 :::* LISTEN 1401/vami-sfcbd
tcp6 0 0 :::5480 :::* LISTEN 573/envoy
tcp6 0 0 :::5480 :::* LISTEN 573/envoy
tcp6 0 0 :::5480 :::* LISTEN 573/envoy
tcp6 0 0 :::5480 :::* LISTEN 573/envoy
On both appliances (VR and SRM) the following file configures the service that owns this port, vami-sfcbd:
/opt/vmware/etc/sfcb/sfcb.cfg
To mitigate two of the four protocols, SSLv3 and TLS 1.0, add (or set) the following two lines in that file:
sslNoSSLv3: true
sslNoTLSv1: true
sfcbd reads sfcb.cfg at startup, so restart the vami-sfcbd process (or reboot the appliance) and re-run the scan to confirm that SSLv3 and TLS 1.0 are no longer offered.
Note: this amendment to the sfcb config file disables SSLv3 and TLS 1.0 only; SSLv2 and TLS 1.1 remain accessible on port 5489. The only way to disable SSLv2 and TLS 1.1 is to upgrade to 8.8.0.3, which no longer uses vami-sfcb (the component is removed in that version).
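To verify the finding and the mitigation from the appliance shell, here is an added example script (not from the original article, VMware or the appliance): it checks netstat output for the vami-sfcbd listener, sets the two sfcb.cfg keys idempotently on a copy of the file, and classifies openssl s_client handshake results per protocol version so the scanner finding can be reproduced before and after the change. It assumes openssl(1), netstat(1), grep -E and sed -E are available on the appliance and that sfcb.cfg uses "key: value" lines as shown above; all function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original KB article or of the appliance.
# Assumes: POSIX sh, grep -E, sed -E, netstat(1) and openssl(1).
# All function names below are this example's own.

# Return 0 when the netstat listing on stdin shows vami-sfcbd LISTENing on port $1.
# Usage: netstat -anp | sfcb_listening_on 5489
sfcb_listening_on() {
    port="$1"
    grep -E "^tcp6?[[:space:]]+.*:${port}[[:space:]]+.*LISTEN[[:space:]]+[0-9]+/vami-sfcbd" >/dev/null
}

# Set "key: value" in an sfcb-style config file: replace an existing (possibly
# commented-out) line for that key, otherwise append one. Edits through a temp
# file so it behaves the same with GNU and BSD sed.
set_cfg_key() {
    file="$1"; key="$2"; value="$3"
    if grep -qE "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]*:" "$file"; then
        sed -E "s/^[[:space:]]*#?[[:space:]]*${key}[[:space:]]*:.*/${key}: ${value}/" "$file" \
            > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s: %s\n' "$key" "$value" >> "$file"
    fi
}

# Return 0 when $1 has an active (uncommented) "$2: $3" line.
cfg_has() {
    grep -qE "^[[:space:]]*$2[[:space:]]*:[[:space:]]*$3[[:space:]]*$" "$1"
}

# Apply the two keys the article prescribes. Run it against a COPY first, then
# copy the result over /opt/vmware/etc/sfcb/sfcb.cfg and restart vami-sfcbd.
harden_sfcb_cfg() {
    set_cfg_key "$1" sslNoSSLv3 true
    set_cfg_key "$1" sslNoTLSv1 true
}

# Classify openssl s_client output as accepted / rejected / unsupported-by-client.
# "unsupported-by-client" means the local openssl cannot even offer that version
# (option compiled out, or blocked by its security level), so the result says
# nothing about the server; use the scanner or an older openssl for those.
classify_s_client() {
    case "$1" in
        *"nknown option"*|*"no protocols available"*) echo unsupported-by-client ;;
        *"Cipher is (NONE)"*)                           echo rejected ;;
        *"Cipher is "*)                                 echo accepted ;;
        *)                                              echo rejected ;;
    esac
}

# Probe one protocol version; opt is one of -ssl3 -tls1 -tls1_1 -tls1_2.
# Current openssl builds have no -ssl2 option at all, so SSLv2 cannot be
# checked this way; rely on the scanner for that one.
probe_proto() {
    host="$1"; port="$2"; opt="$3"
    out=$(echo | openssl s_client -connect "$host:$port" "$opt" 2>&1 || true)
    classify_s_client "$out"
}

# Usage: sh this_script.sh <appliance-ip> 5489   (runs the live probe)
if [ "$#" -ge 2 ]; then
    for opt in -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$opt" "$(probe_proto "$1" "$2" "$opt")"
    done
fi
```

Run the probe before editing sfcb.cfg to reproduce the scanner finding, then again after restarting vami-sfcbd: -ssl3 and -tls1 should move from accepted to rejected, while -tls1_1 stays accepted until the appliance is upgraded to 8.8.0.3.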