You want to enables TLS debugging on DLP Network Prevent For Email to determine why a TLS connection is not succeeding. 

In order to see what exactly is being used in TLS connections, you can enable debug logging on the Prevent server. In the advanced settings page for the Prevent server, find BoxMonitor.RequestProcessorMemory and append the following argument: 

-Djavax.net.debug=ssl:handshake

After saving, recycle the detection server services.  When the next TLS connection is attempted the relevant logging data will be written to the VontuMonitor.log.