I beleive that changing "tls-priorities" in /usr/share/vyos/templates/ocserv/ocserv_config.j2 to
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-ALL:+VERS-TLS1.2"
Should disable all older versions of TLS.
This would increase security and not flag an VyOS server runnint openconnect VPN as insecury by security auditors.