Cipher "TLS_RSA_WITH_3DES_EDE_CBC_SHA" Presented by NetScaler Server Hello is Not Part of HIGH Cipher Group

Article ID: CTX214806

Description

The customer has bound the HIGH cipher group to the SSL VIP. This cipher group, which exists by default on the NetScaler, does not contain "TLS_RSA_WITH_3DES_EDE_CBC_SHA"; however, the NetScaler sends this cipher suite in the Server Hello, as seen in a Wireshark trace.
Note: According to RFC 6176 from the Internet Engineering Task Force (IETF), TLS servers must not support SSLv2. The NetScaler appliance does not support SSLv2 from release 12.1.

Resolution

This is expected behavior.


Problem Cause

The cipher named "SSL3-DES-CBC3-SHA" on the NetScaler (in the HIGH cipher group) appears as "TLS_RSA_WITH_3DES_EDE_CBC_SHA" in Wireshark because this cipher supports both SSLv3 and the higher TLS protocols. The NetScaler naming convention represents the minimum SSL protocol with which the cipher is supported, in this case SSLv3. Also, ciphers are identified not by their names but by the hex code advertised as per the TLS RFC, which is 0x0a for this cipher.

So the cipher SSL3-DES-CBC3-SHA, listed first in the output below, actually supports both SSLv3 and the higher TLS protocols, and is what Wireshark displays as TLS_RSA_WITH_3DES_EDE_CBC_SHA.
 
> sh cipher HIGH
1)            Cipher Name: SSL3-DES-CBC3-SHA
               Description: SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1 
2)            Cipher Name: TLS1-AES-256-CBC-SHA
               Description: TLSv1 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1 
3)            Cipher Name: SSL2-DES-CBC3-MD5
               Description: SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5  
4)            Cipher Name: SSL3-EDH-DSS-DES-CBC3-SHA
               Description: SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1 
5)            Cipher Name: TLS1-DHE-DSS-AES-256-CBC-SHA
               Description: TLSv1 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1 
6)            Cipher Name: SSL3-EDH-RSA-DES-CBC3-SHA
               Description: SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1 
7)            Cipher Name: TLS1-DHE-RSA-AES-256-CBC-SHA
               Description: TLSv1 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1 
8)            Cipher Name: TLS1-ADH-AES-256-CBC-SHA
               Description: TLSv1 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1 
 Done
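
The Server Hello carries only the numeric code point, and each tool attaches its own name to it. The following is an added example, not part of the Citrix article: it reads the cipher suite from a Server Hello record and shows that 0x0a is the same value whether the negotiated version is SSLv3 or TLS 1.0. The sample records are constructed, and the NetScaler names for code points other than 0x0a are assumptions inferred from the descriptions above.

```python
import struct

# Code point -> (IANA name shown by Wireshark, NetScaler name). The 0x000A row is
# from the article; the other NetScaler pairings are assumptions inferred from the
# Kx/Au/Enc/Mac fields in the "sh cipher HIGH" output.
SUITES = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "SSL3-DES-CBC3-SHA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "TLS1-AES-256-CBC-SHA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS1-DHE-RSA-AES-256-CBC-SHA"),
}

def server_hello_suite(record):
    """Return (negotiated_version, cipher_suite_code) from one TLS record."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if body[0] != 2 or len(hello) < 35:
        raise ValueError("not a ServerHello")
    # Layout: version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    off = 35 + hello[34]
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    version, = struct.unpack("!H", hello[:2])
    suite, = struct.unpack("!H", hello[off:off + 2])
    return version, suite

def describe(record):
    version, suite = server_hello_suite(record)
    iana, netscaler = SUITES.get(suite, ("unknown", "unknown"))
    return f"version=0x{version:04x} suite=0x{suite:04x} wireshark={iana} netscaler={netscaler}"

def build_sample(version, suite):
    """Constructed minimal ServerHello: zero random, empty session ID, no extensions."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

SAMPLE_SSL3 = build_sample(0x0300, 0x000A)   # constructed, not a real capture
SAMPLE_TLS10 = build_sample(0x0301, 0x000A)  # constructed, not a real capture

if __name__ == "__main__":
    print(describe(SAMPLE_SSL3))
    print(describe(SAMPLE_TLS10))
```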
 

Issue/Introduction

The customer has bound the HIGH cipher group to the SSL VIP. This cipher group, which exists by default on the NetScaler, does not contain TLS_RSA_WITH_3DES_EDE_CBC_SHA; however, the NetScaler sends this cipher suite in the Server Hello, as seen in Wireshark.