with sp_ssladmin you can show and set the allowed cipher suites
to see what the client is actually using, you can check this variable: @@ssl_ciphersuite
select @@ssl_ciphersuite
go
TLS_RSA_WITH_AES_256_CBC_SHA
Note that older openssl versions do not support SHA2 certificates
openssl is now delivered as part of your SAP Sybase installation, you need a recent version e.g.1.0.1h to be able to use SHA2 certificates (I didn't test all versions, but know for sure older versions like 1.0.1b do not support SHA2). As part of ASE 15.7 SP132 openssl 1.0.1h-fips is installed.
I think OpenSSL 1.0.1 series is supported till the end of 2016 only, so sooner or later SAP Sybase will also have to switch to the OpenSSL 1.0.2 series