Nope, still does not work.
And I think the icm/ssl_config_xx applies to the SSL server.
What I am having issue is SAP AS JAVA being the SSL Client.
SSL Server settings for both ABAP/Java stack is ok. I can see TLS 1.2 being used when I called it from a browser.
SSL Client settings:
In ABAP via SM59, I can call the target server and it's showing TLS 1.2 (line 4 - 20)
But in Java via Destination, calling the same target server, it shows TLS 1.0 (line 26 - 41).
Maybe it's a bug in CommonCrypto and not taking the ssl/client_ciphersuites settings?