With the release of vTM version 9.8, SHA-2 is now supported:
SR10897 Support for the TLS 1.2 protocol has been added for traffic handled using
the virtual server "ssl_decrypt" or pool "ssl_encrypt" settings, as well as all
administrative interfaces.
TLS 1.2 (RFC 5246) enables a higher level of security when setting up encrypted
connections and more control over the signature algorithms used when exchanging
keys or verifying certificates. The traffic manager now supports additional cipher
suites ending in _SHA256 that use a SHA-2 hash for record integrity.
The default cipher suite preference list is now:
SSL_RSA_WITH_AES_128_CBC_SHA256
SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA256
SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA