TLSv1.1 showing still enabled on port 8182 by security scans after using the EsxTlsReconfigurator Utility



Article ID: 395995


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Disabling static ciphers directly on the ESXi host for the fdm service on port 8182 and running the EsxTlsReconfigurator utility from vCenter Server does not produce the expected result: security scans still report that TLSv1.1 is enabled.

Directly editing the /etc/init.d/vmware-fdm/fdm.cfg file to remove the TLSv1.1 entry and then restarting the fdm service on the ESXi host shows that the TLSv1.1 entry reappears in the configuration file, and the security scan still shows TLSv1.1 enabled on port 8182.

Environment

vSphere ESXi 7.0.x
vSphere ESXi 8.0.x
vSphere vCenter Server 7.0.x
vSphere vCenter Server 8.0.x

Cause

There is a cluster-level configuration option that enables TLSv1.1 on the ESXi host and overrides the host-level setting.

Found in prettyPrint.sh_clusterconfig.txt:

<option>
    <key>das.config.vmacore.ssl.protocols</key>
    <value xsi:type="xsd:string">tls1.1,tls1.2</value>
</option>
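An audit check, added here as an example and not part of the KB article, that parses a clusterconfig dump like the one above and reports whether the das.config.vmacore.ssl.protocols override re-enables a deprecated protocol. The <optionList> wrapper, the namespace declarations and the second option are constructed sample data; the real prettyPrint.sh_clusterconfig.txt layout may differ.

```python
"""Audit a cluster-config dump for the das.config.vmacore.ssl.protocols override."""
import xml.etree.ElementTree as ET

# Protocol names as they appear in the option value (constructed policy list).
DEPRECATED = {"sslv3", "tls1.0", "tls1.1"}
KEY = "das.config.vmacore.ssl.protocols"

# Constructed sample mimicking the <option> block from prettyPrint.sh_clusterconfig.txt.
# The wrapper element and xmlns declarations are assumptions, not taken from the page.
SAMPLE_CLUSTERCONFIG = """<optionList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <option>
    <key>das.config.vmacore.ssl.protocols</key>
    <value xsi:type="xsd:string">tls1.1,tls1.2</value>
  </option>
  <option>
    <key>das.isolationaddress0</key>
    <value xsi:type="xsd:string">192.0.2.1</value>
  </option>
</optionList>"""


def find_ssl_protocols_override(xml_text):
    """Return the protocol list set by the cluster option, or None if it is absent."""
    root = ET.fromstring(xml_text)
    for opt in root.iter("option"):
        if opt.findtext("key") == KEY:
            value = opt.findtext("value") or ""
            return [p.strip().lower() for p in value.split(",") if p.strip()]
    return None


def audit(xml_text):
    """Classify the override as 'absent', 'ok' or 'weak' and list offending protocols."""
    protocols = find_ssl_protocols_override(xml_text)
    if protocols is None:
        return {"status": "absent", "protocols": [], "weak": []}
    weak = sorted(p for p in protocols if p in DEPRECATED)
    return {"status": "weak" if weak else "ok", "protocols": protocols, "weak": weak}


if __name__ == "__main__":
    result = audit(SAMPLE_CLUSTERCONFIG)
    print(result)
    if result["status"] == "weak":
        print(f"Delete {KEY} from the cluster's vSphere HA advanced options, then restart fdm.")
```

A "weak" result explains why a host-level fdm.cfg edit keeps reverting: the cluster option wins until it is deleted.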

Resolution

In the vSphere Client, select the cluster that contains the affected ESXi host(s), then go to Configure > vSphere Availability and click Edit. In the Advanced Options tab:

  • Find the das.config.vmacore.ssl.protocols option.
  • Click the three dots and select Delete. Save the change by clicking OK, then return to the SSH session on the ESXi host.
  • Restart the fdm service again: /etc/init.d/vmware-fdm restart

The TLS protocol versions enabled should now be set by the options used at the vCenter Server level with the EsxTlsReconfigurator utility.

Additional Information