Cause: Previously we had some 3DES based ciphers still enabled within the dogtag server. This is technically considered ok, due to the fact that these ciphers are still considered marginally acceptable at this point.
We decided that it would be better to disable these ciphers by default but still have them available to be reintroduced if desired by the user.
We have disabled said ciphers by default.
Now a brand new installation of the server will run with well regarded ciphers available only, increasing security.