This is a bit harder to do and I would first start investigating by simply searching the mail log on the console like:
grep "SSLv3 cipher" mail_logs
grep "TLSv1 cipher" mail_logs
grep "TLSv1.1 cipher" mail_logs
grep "TLSv1.2 cipher" mail_logs
this gives you the ICID's of the incoming messages back matching your search pattern.
Then you need to grep this ICID in smtp_logs to get the corresponding MID back.
On a busy server there will be multiple MID associated to a given ICID.
Hope that helps with your analysis.
-Marc