The Workaround is quite simple. Since the Servers negotiate a TLS1.0 Protocol with a Cipher that is only supported by TLS 1.2, I have used the SSLCipherSpec notes.ini Variable to restrict Ciphers to a set that is supported bei both Versions.
I added The Line "SSLCipherSpec=3933352F0A" to the notes.ini and Problems were gone!
Now my questions to Dave (hope he is still reading this)
You wrote that the notes.ini parameters DISABLE_SSLV3 and SSL_DISABLE_TLS_10 only have an effect when Domino is acting as server (incoming mail).
Is there a way to drop all connections, no matter if incoming or outgoing, if the Protocol Version is lower than TLS 1.0?
from your log shows that you are configured to use TLS 1.2. When acting as a client and configured to use TLS 1.2, Domino will always offer the full TLS 1.2 cipher list. If the server selects a lower protocol version, it is their responsibility to select a cipher that works with the selected protocol version.
This looks like a poorly configured recipient server. But the majority of problems were with gmx, gmail, yahoo and web.de. Has anyone else similar problems with these Domains?