Here is an amazing article which explains SSL protocols and ciphers and how to carefully choose them.
https://devcentral.f5.com/articles/cipher-suite-practices-and-pitfalls-25564?lc=1
I prefer using explicit ciphers along with options
Example:
ltm profile client-ssl clientssl_custom {
ciphers !SSLv3:!TLSv1:!TLSv1_1:!EXPORT:!ADH:!DHE:!RC4:!DES:!3DES:!MD5:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA:RSA+AES-GCM:RSA+AES
options { dont-insert-empty-fragments no-ssl no-sslv2 no-sslv3 no-tlsv1 no-tlsv1.1}
}
.
tmm --clientciphers '!SSLv3:!TLSv1:!TLSv1_1:!EXPORT:!ADH:!DHE:!RC4:!DES:!3DES:!MD5:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA:RSA+AES-GCM:RSA+AES'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
1: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
5: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
6: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
7: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
8: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
9: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
10: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
11: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
12: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
14: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
15: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
16: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
17: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
18: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
19: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA