SSL enabled server requires private key after update from 10 to 11

OK, it turned out that this is standard http server with serverssl profile only. As such I doubt there is any need for remote server private key. What I suspect is problem with ciphers. serverssl profile is using DEFAULT. As far as I know DEFAULT profile in 10.1 and 11.6 is quite different. In 11.6 plenty of unsecure ciphers was removed/disabled in DEFAULT. What would be the easiest way to check what highest possible cipher remote server can accept - without using BIG-IP (I mean in advance before switching from 10.1 to 11.6)? Piotr