Forum Discussion
How to configure BIG-IP(11.4.1) to support TLSv1.2
You're using TLSv1.2. The problem is that you're using RSA and AES128-SHA. The negotiated cipher is:
AES128-SHA
RSA is an obsolete key exchange and doesn't provide forward secrecy, and SHA1 is an obsolete hmac. You can see exactly what ciphers are included in "TLSv1_2" by using the command line:
tmm --clientciphers 'TLSv1_2'
You'll definitely see RSA and SHA1 in that list. Any cipher that doesn't start with the key exchange (ex. DHE-RSA, ECDHE-RSA, etc.) is an RSA key exchange (ex. AES256-SHA). And "SHA" means SHA1. So there are a few options. You could start with 'DEFAULT' and remove RSA, SHA and older TLS protocols,
DEFAULT:!RSA:!SHA
or you could start with 'TLSv1_2' and simply remove RSA and SHA:
TLSv1_2:!RSA:!SHA
Definitely take a look at this list on the command line, as the latter option may also include some undesirable options like ADH (anonymous Diffie-Hellman) and ECDH (non-ephemeral elliptic curve Diffie-Hellman). Starting with the DEFAULT string will automatically remove insecure ciphers.
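As an added example (not from the post above and not F5's own code), here is a small Python model of the exclusion rules the answer describes: a name with no key-exchange prefix is an RSA key exchange, a trailing "SHA" is SHA1, and "!" keywords prune the list. The cipher list is constructed to resemble tmm --clientciphers output and the keyword semantics are simplified, so the real command's output is the authoritative list.

```python
# Added example: simplified model of BIG-IP cipher-string exclusions.
# Not F5's implementation; real tmm keyword handling is richer than this.

# Key-exchange prefixes as they appear in cipher names. Anything without one
# of these is an RSA key exchange (no forward secrecy), as the post explains.
KEX_PREFIXES = ("ECDHE-RSA-", "ECDHE-ECDSA-", "DHE-RSA-", "DHE-DSS-",
                "ADH-", "AECDH-", "ECDH-RSA-", "ECDH-ECDSA-")

# Constructed sample standing in for `tmm --clientciphers 'TLSv1_2'` output.
SAMPLE_TLSV1_2 = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES256-SHA256",
    "AES256-GCM-SHA384", "AES128-SHA256", "AES128-SHA",
    "ADH-AES128-SHA256", "ECDH-RSA-AES128-SHA256",
]

def key_exchange(name):
    """Return the key-exchange family of a cipher name; bare names are RSA."""
    for prefix in KEX_PREFIXES:
        if name.startswith(prefix):
            return prefix.rstrip("-")
    return "RSA"

def mac(name):
    """Last dash-separated token: a bare 'SHA' means SHA1, SHA256/384 are SHA-2."""
    tail = name.rsplit("-", 1)[-1]
    return "SHA1" if tail == "SHA" else tail

def matches(name, keyword):
    """Does a cipher-string keyword (without '!') select this cipher?"""
    if keyword == "RSA":
        return key_exchange(name) == "RSA"
    if keyword == "SHA":
        return mac(name) == "SHA1"
    if keyword == "ADH":
        return key_exchange(name) in ("ADH", "AECDH")
    if keyword == "ECDH":
        return key_exchange(name) in ("ECDH-RSA", "ECDH-ECDSA")
    return keyword in name.split("-")

def apply_cipher_string(cipher_string, base_list):
    """Apply '!' exclusions of e.g. 'TLSv1_2:!RSA:!SHA' to base_list, which is
    assumed to be the expansion of the string's first keyword."""
    remaining = list(base_list)
    for keyword in cipher_string.split(":")[1:]:
        if keyword.startswith("!"):
            remaining = [c for c in remaining if not matches(c, keyword[1:])]
    return remaining

def undesirable_leftovers(ciphers):
    """Ciphers the post warns may survive: anonymous DH and non-ephemeral ECDH."""
    return [c for c in ciphers if matches(c, "ADH") or matches(c, "ECDH")]
```

Running apply_cipher_string("TLSv1_2:!RSA:!SHA", SAMPLE_TLSV1_2) keeps the ADH and ECDH entries, which undesirable_leftovers() surfaces; appending ":!ADH:!ECDH" removes them.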