Just as a follow-up to the above question... we found out the client is running the client application on a Windows Server 2008 box. Windows Server 2008 does not include the TLS 1.2 cipher suite, so all requests were coming through using the TLS 1 cipher suite. The solution is either to have the client update their server OS or install a patch that includes the TLS 1.2 cipher suites and then enable and prioritize those.