I went through this sk but i dont get how TLS is being disabled there.

Moreover..i tried running cipher_util but i get the following  : 

Make sure the selected blade is active.
'/opt/CPshrd-R80.40/conf/ssl_inspection.cipher' file is corrupted or doesn't exist.
Aborting...

also..these TLS settings are only limited to GAIA portal access and not the passing traffic ? 

For Gateways this approach is alright..but i am looking to disable TLS1.0 & TLS 1.1 in Management Server as well

Don't disabled TLSv1.1 on the Manager, I believe this is needed.  I may have put in the SK related to this in a previous post related to lockdown.

Can you share the sk please

Did try to find it, I seem to remember typing in the error I got and then finding an SK which hinted at the requirement for TLSv1.1 so I ensured this was added.  Here are my entries on a R81 SMS.

#cat /web/templates/httpd-ssl.conf.templ | grep SSLCipher
SSLCipherSuite HIGH:!ADH:!RC4:!DHE:!LOW:!EXP:!RSA:!eNULL:!aNULL:!SSLv2:!MD5

#cat /web/templates/httpd-ssl.conf.templ | grep SSLProtocol
SSLProtocol -ALL {ifcmp = $httpd:ssl3_enabled 1}+{else}-{endif}TLSv1.1 +TLSv1.2 +TLSv1.3

If can, try to exclude TLSv1.1 as well and see if you get a problem.  If I find the SK will update this thread.

Only odd thing I noted when attempting to scan via each TLS version TLSv1.1 came back with nothing:

Here are the results of the scan:

* TLS 1.1 Cipher Suites:
Attempted to connect using 80 cipher suites; the server rejected all cipher suites.
------------------------
* TLS 1.2 Cipher Suites:
Attempted to connect using 156 cipher suites.

The server accepted the following 11 cipher suites:
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 256 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 256 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 128 ECDH: X25519 (253 bits)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 ECDH: prime256v1 (256 bits)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 (256 bits)

The group of cipher suites supported by the server has the following properties:
Forward Secrecy OK - Supported
Legacy RC4 Algorithm OK - Not Supported
------------------------
* TLS 1.3 Cipher Suites:
Attempted to connect using 5 cipher suites.

The server accepted the following 3 cipher suites:
TLS_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 (253 bits)
TLS_AES_256_GCM_SHA384 256 ECDH: X25519 (253 bits)
TLS_AES_128_GCM_SHA256 128 ECDH: X25519 (253 bits)

I mite do that..disable TLS1.1 and then observe.

one thing i noticed in your output for SSL CIPHERS

SSLCipherSuite HIGH:!ADH:!RC4:!DHE:!LOW:!EXP:!RSA:!eNULL:!aNULL:!SSLv2:!MD5

there is no 3DES at the end ..have you disabled medium ciphers using cipher_util ? how do you determine which are the medium strength SSL Ciphers and should be disabled ?

I could not get the cipher_util command to work.  In my case I'm only interested in HIGH strength ciphers.  

Found the SK I looked at!

sk171707

Symptom:
"SslVersionOrCipherMismatch" error when disabling AES128 and opening a new Logging & Monitor tab in SmartConsole

When we disable TLS1.0, TLS 1.1 and SHA1, the option of disabling AES128 is not supported because this creates a situation where the connection is no longer considered secure.