
Re: Weak SSL Cipher


Hi Yogesh,

 

Your original issue was that SSL was allowing some weak cipher suites to be used for connections. For example, you really do not want to use suites that use 3DES. This is a common issue and you just need to disable these weak suites. The only issue you could get from disabling these weak suites is if you have a really, really old client that does not support new crypto primitives such as the block cipher AES and the hash function SHA-1. What happens during initialization of a connection is that the client and server agree on the cipher suite that will be used to protect the connection. You just want to configure the server so that it won't allow some suites to be used. Hence you could have a situation where an old client supports only weak cipher suites and the server does not want to use any of these. The connection then fails because they can't agree on a cipher suite.

 

Honestly, disabling HTTPS access to MC sounds like a really terrible idea. Basically, your auditors are saying that they do not like you accessing this sensitive service over weak cipher suites. Your answer is: let's not use any encryption at all. Hence you are trying to resolve one minor issue by introducing a much bigger issue. Do you really think that the auditors will be happy with your solution? Regardless of what the auditors think, you should really want to protect it and you should not access it over HTTP.

 

Cheers
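
The negotiation outcome described in the reply above, as an added example that is not part of the original post: a Python sketch using the standard `ssl` module that builds a server suite list without 3DES and models why a client offering only 3DES then cannot connect. The cipher string, the weak-suite markers and both client offers are constructed assumptions, and `negotiate` is a simplified model of server-side selection, not a real handshake.

```python
import ssl

# Markers for suites this example treats as weak (assumption; the reply names only 3DES).
WEAK_MARKERS = ("3DES", "DES-CBC3", "RC4")

# Constructed OpenSSL cipher string: strong suites only, weak ones explicitly excluded.
HARDENED = "HIGH:!3DES:!RC4:!aNULL:!eNULL"

# Constructed client offers (OpenSSL suite names).
LEGACY_CLIENT = ["DES-CBC3-SHA"]  # very old client: 3DES only
MODERN_CLIENT = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA", "DES-CBC3-SHA"]


def enabled_suites(cipher_string):
    """Return the suite names a TLS server context enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(names):
    """Return the suites from names that contain one of the weak markers."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def negotiate(server_names, client_offer):
    """Pick the first server-preferred suite the client also offers.

    Returns None when there is no common suite, which is the case where
    the handshake fails and the connection is refused.
    """
    offered = set(client_offer)
    for name in server_names:
        if name in offered:
            return name
    return None


if __name__ == "__main__":
    server = enabled_suites(HARDENED)
    print("weak suites still enabled:", weak_suites(server))
    print("legacy client gets:", negotiate(server, LEGACY_CLIENT))
    print("modern client gets:", negotiate(server, MODERN_CLIENT))
```
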

