I’m having the same issues with our security department’s scans flagging for weak ciphers. We’ve reached out to DUO support, but we keep getting replies with solutions to harden a web server (from links to commonly found articles via a Google search)...