Do you know what TLS version is being used for the outbound connection to the back-end using Routing Assertion? 
I know for incoming connections I can use request.ssl.protocol that tells me TLS/SSL protocol. It doesn't do the same for outgoing back-end connections.

All supported versions of the API Gateway

${httpRouting.url} - should provide the information you require as outlined in our doc.

Returns the Protected Service URL from the last routing assertion. This variable should be used after a routing assertion.

When used without a suffix, the entire URL is returned. When used with one of the following optional suffixes, only that part of the URL is returned:
.file
.fragment
.host
.path
.port
.protocol
.query

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/reference/context-variables/message-routing-context-variables.html