TLS 1.1 or 1.2 on ESA to meet the PCI DSS v3.1 Standard

ferguslau
Level 1

Hi,

My company is using a C170 ESA and currently fails to pass the PCI DSS v3.1 test.

It is because SSLv3 / TLS 1.0 are no longer supported in PCI DSS v3.1.

As Cisco is the most popular email security specialist, how come the latest version of AsyncOS (v9.1.0) for ESA still can't support TLS 1.1 or 1.2?

Can you speed up the support of TLS 1.1/1.2 on the next version of AsyncOS?

Otherwise, we'll consider changing to another brand of Email Gateway which can comply with the PCI DSS v3.1 standard.

Best regards,

Fergus Lau

6 Replies

Robert Sherwin
Cisco Employee

TLS 1.2 is in our AsyncOS 9.5 release for Email. This is currently in Beta, and will be released within the next few months for Early Deployment (ED). Once the ED benchmarks are met for deployment, it will then move to the General Deployment (GD) phase.

-Robert

David Owens
Level 1

I agree; it seems as if Cisco is forgetting IronPorts need the same care and feeding as the firewall products. Seems to me that TLS 1.1 or 1.2 should have been delivered by the end of 2014 with all the SSL issues going on last year.

Robert, perfect answer above; unfortunately the timing on this release is still out there in the 3rd/4th quarter. One additional thought: would you also not want to add -SSLv3 to the cipher list? What about removing MEDIUM? Basically HIGH:-SSLV3:-SSLV2:-aNULL:@STRENGTH as the list? Any drawbacks in your view?

Always - you can specify, if you like. My -SSLV2 is a carry-over from days of old. As SSLV3 is not set from the main choices, this should not carry over. But if you are using the recommended string, it never hurts to have it added in. There will be no operational impact either way. As for MEDIUM and HIGH, again, that is totally up to the end administrator. Which ciphers they wish to start out accepting, based on their level of communication and who they exchange mail with, may determine that they need to be a little more allowing of MEDIUM:HIGH ciphers. If you run only HIGH, you run the risk of a company that is older, or "not-in-the-know" about how to operate SSL, ending up with their traffic not accepted.

So, in the end, I'm just happy that we finally have 1.2 implemented. Again, this is starting in 9.5; FCS will be released soon, and GD will be ~4 weeks post FCS release.

Looking @ my beta mail logs:

> grep "TLSv1.2" mail_logs

Mon Apr 13 23:15:28 2015 Info: ICID 765 TLS success protocol TLSv1.2 cipher RC4-SHA
Fri Apr 17 06:39:47 2015 Info: ICID 780 TLS success protocol TLSv1.2 cipher RC4-SHA
Tue Apr 21 05:16:37 2015 Info: ICID 1303 TLS success protocol TLSv1.2 cipher DHE-RSA-AES256-GCM-SHA384
Wed Apr 22 14:46:03 2015 Info: ICID 1312 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Wed Apr 22 15:59:31 2015 Info: ICID 1315 TLS success protocol TLSv1.2 cipher AES128-GCM-SHA256
Mon Apr 27 13:08:06 2015 Info: ICID 1714 TLS success protocol TLSv1.2 cipher RC4-SHA
Tue Apr 28 12:56:24 2015 Info: ICID 1719 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Wed Apr 29 12:24:50 2015 Info: ICID 1723 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Thu Apr 30 11:36:50 2015 Info: ICID 1736 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Fri May  1 09:24:33 2015 Info: ICID 1739 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Sat May  2 09:21:12 2015 Info: ICID 1778 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Sun May  3 09:19:11 2015 Info: ICID 1781 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Mon May  4 09:47:49 2015 Info: ICID 3384 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Mon May  4 10:20:49 2015 Info: ICID 3385 TLS success protocol TLSv1.2 cipher RC4-SHA
Mon May  4 11:56:06 2015 Info: ICID 3386 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Tue May  5 09:37:06 2015 Info: ICID 3394 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256
Wed May  6 09:20:45 2015 Info: ICID 3406 TLS success protocol TLSv1.2 cipher DHE-RSA-AES128-GCM-SHA256

Let me know if anything else!

-Robert
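The grep above only shows that TLSv1.2 sessions exist; for a PCI DSS v3.1 review you also want to know which sessions still negotiated SSLv3 or TLS 1.0, and which of the TLSv1.2 sessions landed on a cipher such as RC4-SHA that a HIGH-only list would have refused. The following is an added example, not code from the original post or from Cisco: it parses "TLS success protocol ... cipher ..." lines in the mail_logs format quoted above and flags sessions that would fail a strong-cryptography policy. The sample log is constructed for the example (the first three lines are the thread's own entries; the later ones, including the DCID line, are made up, and it is an assumption that outbound delivery connections log in the same shape). The weak-protocol and weak-cipher lists are a policy choice for the example, not a PCI or Cisco definition.

```python
import re
from collections import Counter

# Constructed sample in the mail_logs format quoted in the thread.
# Lines 1-3 come from the thread; the rest are made up for this example.
# The DCID (delivery connection) line assumes outbound sessions log the same way.
SAMPLE_MAIL_LOG = """\
Mon Apr 13 23:15:28 2015 Info: ICID 765 TLS success protocol TLSv1.2 cipher RC4-SHA
Tue Apr 21 05:16:37 2015 Info: ICID 1303 TLS success protocol TLSv1.2 cipher DHE-RSA-AES256-GCM-SHA384
Wed Apr 22 15:59:31 2015 Info: ICID 1315 TLS success protocol TLSv1.2 cipher AES128-GCM-SHA256
Thu Apr 23 10:02:11 2015 Info: ICID 1320 TLS success protocol TLSv1 cipher AES256-SHA
Thu Apr 23 10:05:40 2015 Info: ICID 1321 TLS success protocol SSLv3 cipher DES-CBC3-SHA
Thu Apr 23 11:15:02 2015 Info: DCID 4410 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES128-GCM-SHA256
Thu Apr 23 11:20:19 2015 Info: ICID 1322 Start: an unrelated, non-TLS log line
"""

# One "TLS success" line: timestamp, connection kind and id, protocol, cipher.
TLS_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) Info: "
    r"(?P<conn>ICID|DCID) (?P<cid>\d+) TLS success "
    r"protocol (?P<proto>\S+) cipher (?P<cipher>\S+)$"
)

# Protocols that PCI DSS v3.1 no longer treats as strong cryptography:
# any SSL version and early TLS (1.0). Policy choice for this example.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}

# Cipher-name fragments that mark a suite as weak regardless of protocol.
# "DES" also matches 3DES (DES-CBC3-SHA); that is a deliberate policy choice here.
WEAK_CIPHER_MARKERS = ("NULL", "RC4", "DES", "EXP", "MD5", "ADH", "AECDH")


def parse_tls_lines(log_text):
    """Return one dict per 'TLS success' line; every other line is ignored."""
    records = []
    for line in log_text.splitlines():
        m = TLS_LINE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def findings_for(record):
    """List the policy problems with a single negotiated TLS session."""
    problems = []
    if record["proto"] in WEAK_PROTOCOLS:
        problems.append("weak protocol " + record["proto"])
    for marker in WEAK_CIPHER_MARKERS:
        if marker in record["cipher"].upper():
            problems.append("weak cipher " + record["cipher"])
            break  # one cipher finding per session is enough
    return problems


def audit(log_text):
    """Summarise negotiated protocols and ciphers and list non-compliant sessions."""
    records = parse_tls_lines(log_text)
    by_protocol = Counter(r["proto"] for r in records)
    by_cipher = Counter(r["cipher"] for r in records)
    noncompliant = []
    for r in records:
        problems = findings_for(r)
        if problems:
            noncompliant.append((r["conn"], r["cid"], problems))
    return {
        "sessions": len(records),
        "by_protocol": dict(by_protocol),
        "by_cipher": dict(by_cipher),
        "noncompliant": noncompliant,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_MAIL_LOG)
    print("TLS sessions:", result["sessions"])
    print("by protocol:", result["by_protocol"])
    for conn, cid, problems in result["noncompliant"]:
        print(f"{conn} {cid}: {', '.join(problems)}")
```

Run it against a real mail_logs export by replacing SAMPLE_MAIL_LOG with the file contents. Sessions such as ICID 765 (TLSv1.2 but RC4-SHA) are exactly the ones that disappear once MEDIUM is dropped from the cipher list, so the by_cipher counts also tell you how many peers you would start refusing with a HIGH-only string, which is the trade-off Robert describes above.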

Thanks Robert, very helpful answers.

Totally unrelated note: any thought about you and Chris Porter updating the book Email Security with Cisco IronPort to bring in the ESA enhancements since the first publishing? (you can answer this off the record if needed)

Robert Sherwin
Cisco Employee

Confirmed... this is tracking in for the 9.5 FCS release ---

royale3.local> sslconfig

sslconfig settings:
  GUI HTTPS method:  tlsv1/tlsv1.2
  GUI HTTPS ciphers: 
        MEDIUM
        HIGH
        -SSLv2
        -aNULL
        @STRENGTH
  Inbound SMTP method:  tlsv1/tlsv1.2
  Inbound SMTP ciphers: 
        MEDIUM
        HIGH
        -SSLv2
        -aNULL
        @STRENGTH
  Outbound SMTP method:  tlsv1/tlsv1.2
  Outbound SMTP ciphers: 
        MEDIUM
        HIGH
        -SSLv2
        -aNULL
        @STRENGTH

Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> outbound

Enter the outbound SMTP ssl method you want to use.
1. SSL v2 
2. SSL v3 
3. TLS v1/TLS v1.2 
4. SSL v2 and v3
5. SSL v3 and TLS v1/TLS v1.2
6. SSL v2, v3 and TLS v1/TLS v1.2