Deprecated ciphers are still enabled post upgrade to Gateway 11.1

Article ID: 368703


Products

CA API Gateway

Issue/Introduction

Several weak ciphers were deprecated in previous versions of Gateway, but after an upgrade to Gateway v11.1 these ciphers are still enabled.

For example:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Environment

API Gateway v11.1

Resolution

A Gateway upgrade preserves the list of ciphers that were enabled before the upgrade.

This means that if these deprecated ciphers were checked in the previous version of Gateway, they remain checked (enabled) after the upgrade.

After the upgrade, manually uncheck any of these weak, deprecated ciphers that are not needed.

On a fresh install of Gateway 11.1, these ciphers are disabled out of the box.
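To confirm that a listen port no longer accepts the four ciphers after they are unchecked, each one can be offered on its own in a TLS 1.2 handshake. The script below is an added example, not part of the original article or of the Gateway product; the host and port are supplied by you on the command line, and the function names and OpenSSL cipher-name mapping are this example's own.

```python
import socket
import ssl
import sys

# IANA names from the article mapped to the OpenSSL names Python's ssl module expects.
DEPRECATED = {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": "DHE-RSA-AES256-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": "DHE-RSA-AES128-SHA256",
}


def probe_cipher(host, port, iana_name, timeout=5.0):
    """Offer exactly one cipher over TLS 1.2 and report how the listener responds."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only cipher negotiation is being checked, so certificate validation is off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Pin to TLS 1.2: TLS 1.3 suites are not controlled by set_ciphers().
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(DEPRECATED[iana_name])
    except ssl.SSLError:
        return "unsupported-locally"  # the local OpenSSL build cannot offer this cipher
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # no TCP connection, so no verdict on the cipher
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "enabled" if tls.cipher()[0] == DEPRECATED[iana_name] else "rejected"
    except (ssl.SSLError, OSError):
        return "rejected"  # handshake alert, reset or drop: cipher was not negotiated


def audit_listener(host, port):
    """Probe all four deprecated ciphers; returns {IANA name: status}."""
    return {name: probe_cipher(host, port, name) for name in DEPRECATED}


if __name__ == "__main__":
    # Usage: python check_ciphers.py <gateway-host> <listen-port>
    host, port = sys.argv[1], int(sys.argv[2])
    for name, status in audit_listener(host, port).items():
        print(f"{status:20} {name}")
```

Any cipher reported as `enabled` is still checked on that listen port; run the script once per listen port, since the cipher list is kept per listener.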