I agree, it should.
I'm also running 11.5.3. Here's my default ciphers:
user@LB: tmm --clientciphers DEFAULT
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
5: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
6: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
7: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
8: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
9: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
14: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
15: 5 RC4-SHA 128 TLS1.1 Native RC4 SHA RSA
16: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA
17: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
18: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
19: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
20: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
21: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
22: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
25: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
26: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
Looking at the article previously mentioned that would make your list:
!SSLv2:!SSLv3:!MD5:!EXPORT:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RC4:@STRONG:SSLV3
The article says:
Note: When you use the ! symbol preceding a cipher, the SSL profile permanently removes the cipher
from the cipher list, even if it is explicitly stated later in the cipher string.
When you use the - symbol preceding a cipher, the SSL profile removes the cipher from the cipher list,
but it can be added back to the cipher list if there are later options that allow it.
That would indicate that SSLv3 is not allowed at all. Have you looked around for other profiles with custom cipher strings?
/Patrik