ASA PCI Compliance Scan Weak SSL/TLS Key Exchange Failure

keithcclark71 (Level 3)

Can someone explain to me what I need to actually do per the Solution of this report below? I have an SSL certificate on port 444, which this report is complaining about and which is used for AnyConnect, so I don't understand why this would be seen as a weak key exchange. The cert was issued from Namecheap and should meet requirements.

SOLUTION:
Change the SSL/TLS server configuration to only allow strong key exchanges. Key exchanges should provide at least 112 bits of security, which translates to a minimum
key size of 2048 bits for Diffie Hellman and RSA key exchanges.
IMPACT:
An attacker with access to sufficient computational power might be able to recover the session key and decrypt session content.
THREAT:
QID Detection Logic:
For a SSL enabled port, the scanner probes and maintains a list of supported SSL/TLS versions. For each supported version, the scanner does a SSL handshake to get a
list of KEX methods supported by the server. It reports all KEX methods that are considered weak. The criteria of a weak KEX method is as follows:
The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key exchanges should provide at least 112 bits of security, which
translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges.
CVSS Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS Temporal Score: 2.9 E:U/RL:W/RC:UC
Severity: 4
QID: 38863
Category: General remote services
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Last Update: 2022-07-21 21:49:33.0
VULNERABILITY DETAILS
PCI Severity Level:

Automatic Failure: Components that support SSL v2.0 or older, OR SSL v3.0/TLS with 128-bit encryption in conjunction with SSL v2.0
The vulnerability is not included in the NVD.

PCI COMPLIANCE STATUS
Weak SSL/TLS Key Exchange port 444 / tcp over ssl
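As an added illustration (not part of this thread or any Cisco code), the check below implements the scanner rule quoted in the report: it parses the parameters of a TLS 1.2 ServerKeyExchange for a DHE or ECDHE suite, derives the security level of the key exchange (NIST SP 800-57 equivalence), and flags anything below 112 bits. In a DHE suite the modulus comes from the server's configured DH group, not from the certificate, so the certificate's key size does not by itself decide this check. The ECDHE curve mapping goes beyond the report's DH/RSA wording, and all sample messages are constructed, not captured.

```python
import struct

# Equivalence from NIST SP 800-57: finite-field (DH/RSA) modulus size -> security bits.
FF_SECURITY = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
# IANA TLS named-curve ids -> (name, security bits).
NAMED_CURVES = {0x0017: ("secp256r1", 128), 0x0018: ("secp384r1", 192), 0x0019: ("secp521r1", 256)}
MIN_SECURITY_BITS = 112  # threshold quoted in the scan report above


def ff_security_bits(modulus_bits):
    """Security level of a finite-field key of the given size (0 if below 1024 bits)."""
    return max((sec for size, sec in FF_SECURITY if modulus_bits >= size), default=0)


def parse_dhe_params(body):
    """Parse ServerDHParams (RFC 5246 7.4.3): dh_p, dh_g, dh_Ys, each a 2-byte length-prefixed opaque.
    Returns the bit length of the DH modulus p; the signature that may follow is ignored."""
    off, fields = 0, []
    for _ in range(3):
        (n,) = struct.unpack_from("!H", body, off)
        fields.append(body[off + 2:off + 2 + n])
        off += 2 + n
    return int.from_bytes(fields[0], "big").bit_length()


def parse_ecdhe_params(body):
    """Parse ServerECDHParams (RFC 8422 5.4); only curve_type == named_curve (3) is supported."""
    if body[0] != 3:
        raise ValueError("unsupported ECCurveType %d" % body[0])
    (curve_id,) = struct.unpack_from("!H", body, 1)
    return curve_id


def assess_kex(kind, body):
    """Classify a DHE or ECDHE ServerKeyExchange params blob the way the scanner's rule does."""
    if kind == "DHE":
        bits = parse_dhe_params(body)
        label, sec = "DHE %d-bit modulus" % bits, ff_security_bits(bits)
    else:
        curve_id = parse_ecdhe_params(body)
        name, sec = NAMED_CURVES.get(curve_id, ("curve 0x%04x" % curve_id, 0))
        label = "ECDHE " + name
    return {"kex": label, "security_bits": sec, "weak": sec < MIN_SECURITY_BITS}


def build_dhe_params(modulus_bits):
    """Constructed sample ServerDHParams of a given modulus size (p is not a real safe prime)."""
    p = ((1 << (modulus_bits - 1)) | 1).to_bytes(modulus_bits // 8, "big")
    g, ys = b"\x02", b"\x42" * (modulus_bits // 8)
    return b"".join(struct.pack("!H", len(x)) + x for x in (p, g, ys))


# Constructed ECDHE params: named_curve (3), secp256r1 (0x0017), 65-byte uncompressed point (dummy bytes).
ECDHE_P256 = b"\x03\x00\x17\x41" + b"\x04" + b"\x11" * 64
```

A 1024-bit DHE group is reported weak (80 bits of security) while a 2048-bit group or P-256 passes, which matches the "select 14 or 24" advice for the ASA DH group in the replies.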

2 Replies

@keithcclark71 Change the ciphers to something more secure as per the example guide here: https://integratingit.wordpress.com/2021/01/27/securing-asa-tls-ciphers/ You can either select the "high" secure ciphers, or create a custom list of your preferred ciphers.

SSL ciphers have four levels; each level comes with a specific set of ciphers.
ssh cipher integrity
ssh cipher encryption

If the cipher you use with the server contains DH or ECDH, you can change the group via
ssl dh-group <- select 14 or 24
ssl ecdh-group
