This guide is for Apache but might be similar for other web servers
If you've just installed Let's Encrypt certificates with Certbot on your web server and ran SSL Server Test, you might have warning saying your server supports TLS_RSA_WITH_3DES_EDE_CBC_SHA.
To drop support for this protocol you must
- Open /etc/letsencrypt/options-ssl-apache.conf
- Delete :DES-CBC3-SHA from the SSLCipherSuite line
- Restart apache sudo service apache2 restart
Also, here is the default conf file https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/_internal/tls_configs/old-options-ssl-apache.conf