Quicksight EmbedURL using TLS 1.0

Hi, I've built an application for the Salesforce.com AppExchange. This application Embeds a Quicksight Dashboard using this API call [GetSessionEmbedUrl] (https://docs.aws.amazon.com/quicksight/latest/APIReference/API_GetSessionEmbedUrl.html). Salesforce.com will not approve my application because their security scan is picking up the fact that this API fetches the Embedded URL using "https://api.us-east-2.quicksight.aws.amazon.com" which still has access to TLS V1.0 (they require all APIs to disable TLS v1.0). I've asked them to consider this as a 'false positive' given I can't change how the API works, but wondering if anyone has run into a case like this before and has any advice?