Forum Discussion
SSLv3, TLS1.0 and cipherstrings...
When a client sends a "Client Hello" message to the server, it sends a list of cipher suites that it supports. The idea is that one of those cipher suites is also supported by the server, and typically the strongest cipher suite is the one chosen for the TLS session. The client SSL profile lists the cipher suites that the BIG-IP (server) will support. For the TLS handshake, the server gets to decide what cipher suite will be used. So, in the case of a BIG-IP having a client SSL profile that has the "!SSLv3" added, this means that the BIG-IP will not offer any cipher suite that has SSLv3 in it. So, even if the client sends a list of cipher suites that include SSLv3, the server (BIG-IP) will not choose any of those because they won't match any of the server-side cipher suites. Instead, the server (BIG-IP) will negotiate a different cipher suite from the client.
Here's an article/video that might help as well: https://devcentral.f5.com/articles/whiteboard-wednesday-breaking-down-the-tls-handshake
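The selection described in the reply above, as an added example that is not part of the original post and not BIG-IP code: a simplified model in which the server filters its own list with `!SSLv3` and then picks from what the client offered. The profile entries, function names and client list are constructed for illustration.

```python
# Simplified model of server-side cipher suite selection (added example, not BIG-IP code).
# Profile entries are constructed: (suite name, protocol version the suite is enabled for).
VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest

SERVER_PROFILE = [  # listed in server preference order
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("AES128-SHA", "TLSv1.2"),
    ("AES128-SHA", "TLSv1"),
    ("AES128-SHA", "SSLv3"),
    ("RC4-SHA", "SSLv3"),
]

def apply_exclusions(profile, cipher_string):
    """Remove entries whose protocol matches a '!TAG' term, e.g. '!SSLv3'."""
    # Terms without a leading '!' (such as DEFAULT) are ignored by this model.
    excluded = {t[1:] for t in cipher_string.split(":") if t.startswith("!")}
    return [(suite, proto) for suite, proto in profile if proto not in excluded]

def negotiate(profile, client_max_version, client_suites):
    """Return the (suite, protocol) the server picks, or None for a handshake failure."""
    ceiling = VERSIONS.index(client_max_version)
    usable = [v for v in VERSIONS[: ceiling + 1] if any(p == v for _, p in profile)]
    if not usable:
        return None  # no protocol version in common
    version = usable[-1]  # highest version both sides support
    for suite, proto in profile:  # server order decides, not the client's
        if proto == version and suite in client_suites:
            return (suite, proto)
    return None  # no cipher suite in common at that version

hardened = apply_exclusions(SERVER_PROFILE, "DEFAULT:!SSLv3")

if __name__ == "__main__":
    legacy_client = ["RC4-SHA", "AES128-SHA"]  # constructed Client Hello list
    for label, profile in (("original", SERVER_PROFILE), ("!SSLv3", hardened)):
        for max_version in ("SSLv3", "TLSv1.2"):
            print(label, max_version, negotiate(profile, max_version, legacy_client))
```

With the exclusion applied, a client that can only speak SSLv3 gets no match at all, while a TLS-capable client offering the same suite names still completes the handshake on a TLS entry.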