Nick, This note section 7 is very useful.
\
http://service.sap.com/sap/support/notes/510007
Basically it describes what version of crypto was SAPcrypto was compatible with TLS1.0
Now moving to another option..so SAPCRYPTO PL28 and higher supports TLS1.0, how in SAP can I set the webserver not to negotiate in SSL3.0 and use TLS1.0.
This is the big question. Getting the firewall guys or clients settings is too easy, I want to stop it at the source which is the Webserver