Fleet Server allowing insecure tls protocols

Here is the my setup:
Self hosted ECE (version 3.7.2)
I have an ES cluster named APM
This cluster is using Fleet

After running a security scan, a vulnerability was found with the Fleet server. For the DES, 3DES cipher suites being allowed (SWEET32) on a docker mapped port for 0.0.0.0:18888->8220/tcp. I have confirmed this with the following command:

 nmap --script ssl-enum-ciphers -p 18888 my.host.net

PORT      STATE SERVICE
18888/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C

After looking at the github repository for fleet. I see there are options in the fleet-server.reference.yml file to adjust the ssl.supported_protocols and ssl.cipher_suites settings.

However, since this is a managed fleet integration server via ECE, I am not seeing a way to configure those settings. How do we resolve this vulnerability?