How to restrict TLS ciphers for the published site

On doing port scan, we could see some weak ciphers being supported as part of TLS.

Wondering if there is a way to ;

  1. Cherry Pick TLS cipher suites
  2. Or at least change the order of cipher suites while doing handshake such that the client will pick the most strongest cipher they can support

If you want server options, then you have to move the site to one you control.