There should be an ssl.conf somewhere ... it's commented ... might want to read study. Had similar issue when hosting on a server using a global certificate as opposed to a certificate gnerated for the specific host.
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Disabled weak RSA ciphers
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!RSA:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
sslabs now does check of both IPv6 and IPv4 - on a server that gets an A+
and configured by someone who works at a cyber defense company.
First section has, at the bottom, 'Trusted' status and then list
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
For TLS 1.3 tests, we only support RFC 8446.
There is also a section on simulated handshakes ... Android is included.
'spirit of sharing', Ken