PCI Scan is showing vulnerabilities

If your server isn’t listening on those ports you can tell your tester that and they’ll mark it off. For the 3DES question it’s probably categorized/flagged around this (and the linked response is generally sufficient for testing organizations. https://support.cloudflare.com/hc/en-us/articles/231510928-Sweet32-CVE-2016-2183-and-Cloudflare