The issue still remains if TLS 1.0 and SSL 3.0 are disabled. At the moment I don't see any way around this and maybe Microsoft needs to look into this for the future as TLS 1.0 is likely to be phased out over time.
The reason I had TLS 1.0 disabled was to mitigate the BEAST attack, as I found in some reading last night this was the wrong way to do this. To properly disable the BEAST attack on a server one should elevate a specific RC4 cipher so it is the one used with TLS 1.0. Unfortunately this raised another about the fact that the RC4 cipher is also vulnerable but that is another discussion.
I realize that I have not found an answer to the question. But my issue has been solve by keeping TLS 1.0 enabled in the registry.
Microsoft has recently revealed (without a lot of fanfare) that they will be investing in TLS 1.2 and phasing out SSL. It should be relevant to all editions of SQL Server.
UPDATE 2016-01-29 : Microsoft has announced official support for TLS 1.2 in 2008, 2008 R2, 2012, & 2014. Downloads and other info can be found in KB #3135244.
I blogged about a few of the issues that have been mentioned, as well as a warning if you are using encrypted endpoints in 2014:
The post also points to the correct build to download (or other action) depending on @@version.
Whether this move will affect all existing versions, just 2014 and above, or just 2016, remains to be seen. The quote below seems to imply at least 2014 will be part of the work - and I suspect much of the investment will be in the client libraries, not in the engine, so it is feasible that it will work for any version that the next release of the ODBC/Native Client drivers will support.
I got this from a PowerPoint deck by Kevin Farlee of Microsoft, and was given permission to share the information, though I don't know how much of it has been redistributed at this point. Here is the exact quote from the deck:
Encryption in flight: Protects data between client and server against snooping & man-in-the-middle attacks. Upgrading to TLS 1.2 in CY 15, phasing out SSL.
Also if you look at KB #3052404, it seems there are patches to make it work with 2012 SP+ and 2014 (patches won't be required for 2016), but no indication there will be any back-porting to SQL Server 2005, 2008, or 2008 R2 (and frankly, I'd be quite surprised).
Best Answer
You don't strictly need a newer version of SQL Server; however as a general thing I always prefer to be using the most recent version (especially in this case, because in SQL Server 2016 SP1, you get all kinds of new features in Express Edition).
You do need to apply one of the following updates, though (I go through more details in this blog post). They are listed in my order of preference:
That's the gist of it; if you want to get into all the nitty gritty, here is a KB article I'm stealing from Max's deleted post.