Forum Discussion
F5 LTM 11.4.0 Cipher Suites question
Have you first checked which ciphers your bigip would support as part of the handshake when you append the above CIPHER - 'ECDHE+HIGH:HIGH:!MD5:!EXPORT:!DES:!3DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:!TLSv1:!TLSv1_1:!RSA'
To check that, run the below:
tmm --clientciphers 'ECDHE+HIGH:HIGH:!MD5:!EXPORT:!DES:!3DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:!TLSv1:!TLSv1_1:!RSA'
The above should list a set of CIPHERS that the LTM VS would use for negotiation. I'm sure there will be a minimum of 10+ CIPHER SUITES (I see it in v13).
Your above listed CIPHER - hex value of c014 has the below:
ID - 49172
SUITE - ECDHE-RSA-AES256-CBC-SHA
BITS - 256
PROT - TLS1.2
METHOD - Native
CIPHER - AES
MAC - SHA
KEYX - ECDHE_RSA
If you are worried about your overall rating on SSL Labs, you can remove a certain set of CIPHERS. But if your bigip version does not support it, you can't do much about that but upgrade to the latest version. Only AEAD CIPHERS (AES-GCM and ChaCha20-Poly1305) are the strongest in the market now.
Here's the article which shows the bigip versions' supported ciphers. Looks like you are very limited with ciphers in this version.
Also, it's not like you need to have TLS1.3 enabled to get a good rating. Even with TLS1.2 with strong ciphers you will get a good rating and you will eliminate weak ciphers.
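An added example, not part of the original post and not F5 code: a shell filter that reads `tmm --clientciphers` output, converts each decimal ID to its hex suite value (49172 becomes c014) and marks rows that are not AEAD. The function names are hypothetical, the row layout is assumed from the column names in the post, and the sample rows are constructed apart from the c014 row quoted above.

```shell
#!/bin/bash
# Added example: classify `tmm --clientciphers` rows as AEAD or non-AEAD.
# Assumed row layout (column names taken from the post):
#   <index>: ID SUITE BITS PROT METHOD CIPHER MAC KEYX

# Constructed sample output; the c014 row is the one quoted in the post.
sample_output() {
cat <<'EOF'
       ID  SUITE                            BITS PROT    METHOD  CIPHER   MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
 1: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
 2: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES      SHA384  ECDHE_RSA
 3: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES      SHA     ECDHE_RSA
EOF
}

# Reads tmm output on stdin; prints "<hex id> <suite> <AEAD|non-AEAD>" per row.
classify_ciphers() {
  awk '
    # Data rows start with "<n>:" followed by the decimal suite ID;
    # the header line and blank lines are skipped.
    $1 ~ /^[0-9]+:$/ && $2 ~ /^[0-9]+$/ {
      # The two-byte suite value is the decimal ID written as 4 hex digits.
      hex = sprintf("%04x", $2)
      # AEAD suites carry a GCM or ChaCha20-Poly1305 bulk cipher.
      kind = ($7 ~ /GCM|CHACHA20/ || $3 ~ /GCM|CHACHA20/) ? "AEAD" : "non-AEAD"
      print hex, $3, kind
    }'
}

# Lists only the suites to consider excluding from the cipher string.
non_aead_suites() {
  classify_ciphers | awk '$3 == "non-AEAD" { print $1, $2 }'
}

# Demo on the constructed sample.
sample_output | classify_ciphers
```

On the appliance, pipe the real command into the filter instead of the sample: `tmm --clientciphers '<cipher string>' | non_aead_suites`.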