On the port settings, "TLS" actually means "StartTLS is enabled", so encryption is optional. This setting is necessary for incoming Internet messages on port 25. For client connections, mandatory encryption is recommended, and this is implemented by choosing "SSL", which means "StartTLS is disabled" and "unencrypted is disabled". This configuration choice is actually independent of whether you are using weak or strong encryption protocols.
The protocol development sequence was SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and finally TLS 1.3. Protocols prior to TLS 1.2 are deprecated because of white hat research which indicates that they are vulnerable. The choice of encryption level is is controlled by" Admin settings... Protocols... Security Protocols". From there, you can specify a minimum encryption level for SmarterMail alone, or choose the "System Defaults" option and configure the settings with Windows registry keys.
For inbound and outbound traffic, you may want to allow weak encryption, because there are still a few senders and receivers that cannot do TLS 1.2, and you cannot be sure that a failed encryption connection will cause a reattempt with no encryption. This possibility creates an incentive to implement both incoming and outgoing gateways, because client connections to your main server should only use strong protocols.
All of this means that you probably do not need two identities for one server. You can use different ports with different settings to accomplish the same thing.
Hope this helps.