Hi, So to the vip where this profile is configured can you run nmap? nmap --script ssl-enum-ciphers -p 443 <my ip or dns>
This should tell you what you have. I have just done the same for my environment, I found the cypher profile and the "no tls1.1" section argued with each other and i think the cypher would override that filter. So i made a custom cypher rule and group and applied that to the clientssl profile i was using.
I found that nmap command gave me some good output to help fault find the issue.