If I use TLSTool on https://3des.badssl.com it shows that the cipher suite is ECDHE_RSA_WITH_3DES_EDE_CBC_SHA. I was assuming setting NSExceptionAllowsInsecureHTTPLoads=true would make this cipher work, but it doesn't work unless I also set NSExceptionRequiresForwardSecrecy=false. This seems like what I would do if my cipher suite was something like RSA_WITH_3DES_EDE_CBC_SHA where it's not supporting PFS and the encryption method doesn't match. But then again NSExceptionRequiresForwardSecrecy is really just a way to give you access to these specific cipher suites:
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
So I think I'm just confused about which keys to use for different unsupported cipher suites.