Allowed ciphers

Problem: My company wants us to limit TLS to version 1.2 or greater and for 1.2, these cipher suites:

For puppet, port 8140, and foreman proxy, port 9090, each has two of the allowed ciphers, but some not allowed. I modified the custom-hiera.yaml file, but I don’t see a section for puppet nor allowed ciphers for foreman-proxy - just disallowed ciphers for proxy. Are there settings for puppet and allowed ciphers for proxy? Or is there another way to achieve this? Do I even need port 9090 with a stand-alone satellite server?

Expected outcome: Able to allow the desired ciphers for each service.

Foreman and Proxy versions: foreman 3.0.1-1, katello 4.2.1-1

Foreman and Proxy plugin versions:

Distribution and version: CentOS 7.9

Other relevant data: