apparently there was a callback defined for the context in case the client specifies a server name:
ctx.set_tlsext_servername_callback(handle_sni)
that callback defined a new context that apparently overrides the context with the defined ciphers during the handshake. The solution was to add the ciphers definition into that callback.