Remove TLS_RSA for PFS?
Thanks very much S.Blakely for your response. I believed I took the necessary mitigation steps & was surprised to see a scanning site provide a false positive. I appreciate you sharing your knowledge. If I may expand on the PFS portion of the question, I just read in another post that "requiring PFS involves setting our clientssl profile cipher string to include only ECDHE and DHE (but not ADH) ciphers and to disallow RSA key exchanges. It can be as simple as setting your cipher string to DEFAULT!RSA or ECDHE:DHE". Does that approach sound correct?
Thanks again for any assistance you might provide. I have a support case open on this, but in all honesty, I don't think I've received the correct response yet, or if so, I may have misunderstood what needed to be done in my instance. I'm looking to make a timely change so that I can rerun the scan to see if I can improve our grade.
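As an added example (not part of the original post, and not F5 tooling): a small Python check that takes the expanded list of cipher suite names a profile ends up offering and flags every suite that is not ECDHE/DHE, reporting anonymous (ADH-style) suites separately from RSA or static key exchanges. It assumes OpenSSL-style or IANA-style suite names; the function names and the sample list are constructed for illustration.

```python
# Added example: audit a cipher suite list for forward secrecy.
# Assumes OpenSSL-style (ECDHE-RSA-AES128-GCM-SHA256) or IANA-style
# (TLS_RSA_WITH_AES_128_CBC_SHA) names. Function names are hypothetical.

def key_exchange(suite: str) -> str:
    """Return 'pfs', 'anonymous' or 'non-pfs' for one suite name."""
    name = suite.upper()
    # TLS 1.3 suites carry no key-exchange field; TLS 1.3 is always (EC)DHE.
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_", "TLS13-")):
        return "pfs"
    if "_WITH_" in name:
        # IANA form: TLS_<kx>[_<auth>]_WITH_<cipher>
        kx = name[len("TLS_"):].split("_WITH_")[0]
        if kx.endswith("_ANON"):
            return "anonymous"
        return "pfs" if kx.startswith(("ECDHE_", "DHE_")) else "non-pfs"
    prefix = name.split("-", 1)[0]
    # ADH / AECDH are ephemeral but unauthenticated, so report them separately.
    if prefix in ("ADH", "AECDH"):
        return "anonymous"
    # EDH is the legacy OpenSSL spelling of DHE.
    if prefix in ("ECDHE", "DHE", "EDH"):
        return "pfs"
    # Plain RSA key exchange (e.g. AES128-SHA), static DH/ECDH, PSK, ...
    return "non-pfs"

def audit(suites):
    """Map each offending suite to the reason it fails a PFS-only policy."""
    result = {}
    for suite in suites:
        kind = key_exchange(suite)
        if kind != "pfs":
            result[suite] = kind
    return result

# Constructed sample list, not captured from a real device.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "ADH-AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, reason in audit(SAMPLE).items():
        print(f"{suite}: {reason}")
```

An empty result from `audit()` means every listed suite uses an authenticated ephemeral key exchange.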
