How to find which cipher suit is used or not?

Hello, you can restrict cipher suites selection from your clientssl/serverssl profiles. 
When you're tuning it, you can list the suites allowed by your string using bash command tmm --clientciphers <string> , ex. tmm --clientciphers "DEFAULT".

With "@STRENGTH" syntax one can have the cipher negotiation start with the strongest cipher and progress to the weakest (example: "DEFAULT@STRENGTH" ).
Here's an SSL cheatsheet by the way. 

Best way to determine which one is negotiated is performing a packet capture. Or, log it with an iRule. 

when CLIENTSSL_CLIENTHELLO {

    set client_ciphers [SSL::cipher clientlist]
    log local0. "Cipher suite ID's available for negotiation (client selection): $client_ciphers"
}

when CLIENTSSL_HANDSHAKE {
    set suite [SSL::cipher name]
    log local0. "Selected suite: $suite"
}