I configured the report servers to use SHA256 encryption, but by default it is configured to use SHA1. SHA1 is also used for the RUM console and CSS. Not sure what the AMDs use though.
Hope that helps,
In 12.3, the default SSL mode was changed to support TLS1.2 cipher suites (disabling older, less secure ones), so the CAS/ADS/RUMC/CSS will negotiate a TLS1.2 connection with your browser. I regularly see it using ECDHE/AES128/SHA256 session encryption.
The out of the box certificates* however are signed with SHA1. The signature algorithm used on the certificate has no bearing on the quality of the session encryption used.
*You should really be generating your own, not relying on the out of the box certificates.
For CAS and ADS the <install>/config/common.properties file allows you to modify the cipher suites it will negotiate.
This is the default in 12.3+. It will only negotiate a TLS connection (SSL2 and SSL3 are disabled), and then, due to the ordering of cipher suites, will pick the strongest one the browser supports.
connector.ssl.SSLCipherSuite = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DH
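To see which suites that default string actually enables, the following added example (not part of the posts above and not vendor code) expands it with Python's `ssl` module and flags the non-AEAD and HMAC-SHA1 entries a reviewer might trim. It assumes the local OpenSSL build behind Python resolves the string the same way as the one bundled with CAS/ADS; the helper names `resolve` and `review` are hypothetical.

```python
import ssl

# Default 12.3+ value of connector.ssl.SSLCipherSuite, copied from the post above.
CIPHER_STRING = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DH"
)


def resolve(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-below suites
    the local OpenSSL build enables, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately and are always listed; drop them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def review(cipher_string):
    """Return (suite name, notes) pairs; an empty notes list means ECDHE/DHE + AEAD."""
    results = []
    for c in resolve(cipher_string):
        name, notes = c["name"], []
        if not name.startswith(("ECDHE-", "DHE-")):
            notes.append("no forward secrecy")
        if not c["aead"]:
            notes.append("CBC mode (non-AEAD)")
        # The hash in a suite name is the record MAC / PRF hash,
        # not the certificate's signature algorithm.
        if name.endswith("-SHA"):
            notes.append("HMAC-SHA1 record MAC")
        results.append((name, notes))
    return results


if __name__ == "__main__":
    # The trailing !DH also removes ephemeral-DH suites, so kEDH+AESGCM
    # contributes nothing and only ECDHE suites are listed.
    for name, notes in review(CIPHER_STRING):
        print(f"{name:32} {', '.join(notes) or 'ok'}")
```
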