I am only familiar with administrating DAG systems running on the Windows Server 2016 platform.
If your DAG systems are not joined to the domain then you will have to manually configure the TLS and Cipher Suites supported by the system.
If your systems are Windows, I would recommend disabling TLS 1.0 and TLS 1.1 via the registry (which will require a system restart).
Here is a Microsoft article on how to do that:
Similarly, you can disable the ciphers suites via registry configuration as well, the above article contains a link to do so.
If you don’t like modifying the registry, there is a useful tool made by Nartac Software called IIS Crypto that provides a user-friendly GUI to modify security protocols used by the system including TLS, Hashes, Key Exchange, and Ciphers.
IIS Crypto can be acquired here:
To mitigate SWEET32, you can use IIS Crypto to disable the following:
-Disable ciphers suites using less than 128 bit
-Disable cipher suites using 3DES
Best of luck,