The nmap command can enumerate SSL ciphers on the server.

nmap --script ssl-enum-ciphers -p 443 domain.example

The SSL Labs’ SSL test is similar? In debugging purgatory, there are instances where declarations in a configuration do not translate into reality and it’s not always the implementation, or the server, but sometimes exotic interactions between systems.