Hi Nathan,
With the client SSL profile set to not allow the 128bit cipher, LTM will send a reset to a client who attempts to use a 128 bit cipher. This will happen regardless of whether the iRule is enabled or not.
The iRule is a better option as it tells the client that there is a problem and how to fix it. The only downside to the iRule option is that vulnerability scans will show a false positive for weak ciphers. It's safe to ignore this as no client with a weak cipher will be able to get past LTM.
Aaron