I have a TMG 2010 (Forefront Threat Management Gateway 2010) sitting on Windows Server 2003 R2 and I have several websites published through it. One of the websites is sitting on Windows Server 2012 R2. I know that Server 2003 R2 ships with TLS 1.0 and Server 2012 R2 ships with TLS 1.2. When I open the website from the internal network (not going through TMG), Google Chrome shows that the connection uses TLS 1.2. When, however, I open the published website from an external network (going through TMG), Google Chrome says the connection uses TLS 1.0.
How can I let the visitor not use TMG's TLS implementation but the version of the Windows Server on which the published site sits? Thanks in advance.
Best Answer
There are a bunch of registry settings you can make, including to enable TLS 1.1 and 1.2 for TMG 2010, according to http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html
The rest of that page looks to be mandatory work for any current TMG deployment.
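Background for why the registry on the TMG host is the right place to look: with HTTPS web publishing, TMG terminates the browser's TLS session itself and opens a second TLS session to the published web server (bridging), so the protocol version Chrome reports is whatever TMG's Schannel stack offers, not the backend's. The protocol versions Schannel offers are governed by per-protocol keys under `HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols`. The script below is an added example, not code from the question, the answer or the linked article; it assumes the TMG host is Windows Server 2008 R2 or later (the 2008 R2-era Schannel honours the TLS 1.1 and TLS 1.2 keys; Windows Server 2003 has no TLS 1.1/1.2 implementation to enable), and it assumes TMG itself is at a patch level that supports those versions, which is the article's subject rather than something this script can fix. It enables TLS 1.1 and 1.2 on the `Server` side (browser to TMG) and the `Client` side (TMG to the published site), then reads the keys back so the change can be verified before the reboot Schannel needs to pick them up.

```powershell
# Added example: enable TLS 1.1 and TLS 1.2 in Schannel on the TMG host.
# Assumes Windows Server 2008 R2 or later. Run elevated; reboot afterwards.

$ProtocolsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Which versions to turn on. 'Server' covers inbound (browser -> TMG),
# 'Client' covers outbound (TMG -> published web server during bridging).
$VersionsToEnable = @('TLS 1.1', 'TLS 1.2')
$Sides            = @('Server', 'Client')

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)] [string] $Version,
        [Parameter(Mandatory)] [ValidateSet('Server', 'Client')] [string] $Side,
        [Parameter(Mandatory)] [bool]   $Enabled
    )
    $key = Join-Path (Join-Path $ProtocolsRoot $Version) $Side
    # New-Item -Force creates the key (and missing parents) and is a no-op if it exists.
    New-Item -Path $key -Force | Out-Null

    # Schannel semantics: Enabled=1 permits the version, DisabledByDefault=0 lets
    # Schannel offer it without the application having to ask for it explicitly.
    $enabledValue           = if ($Enabled) { 1 } else { 0 }
    $disabledByDefaultValue = if ($Enabled) { 0 } else { 1 }

    New-ItemProperty -Path $key -Name 'Enabled'           -Value $enabledValue `
        -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledByDefaultValue `
        -PropertyType DWord -Force | Out-Null
}

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)] [string] $Version,
        [Parameter(Mandatory)] [ValidateSet('Server', 'Client')] [string] $Side
    )
    $key = Join-Path (Join-Path $ProtocolsRoot $Version) $Side
    if (-not (Test-Path $key)) {
        # Absent key means the OS default applies for that version.
        return [pscustomobject]@{ Version = $Version; Side = $Side; Enabled = $null; DisabledByDefault = $null; State = 'OS default' }
    }
    $props = Get-ItemProperty -Path $key
    $enabled = $props.Enabled
    $dbd     = $props.DisabledByDefault
    $state   = if ($enabled -eq 0) { 'disabled' }
               elseif ($dbd -eq 1) { 'available only on request' }
               else { 'offered' }
    [pscustomobject]@{ Version = $Version; Side = $Side; Enabled = $enabled; DisabledByDefault = $dbd; State = $state }
}

foreach ($version in $VersionsToEnable) {
    foreach ($side in $Sides) {
        Set-SchannelProtocol -Version $version -Side $side -Enabled $true
    }
}

# Read everything back, including the legacy versions, so the whole offered set is visible.
$allVersions = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')
$allVersions | ForEach-Object {
    $v = $_
    $Sides | ForEach-Object { Get-SchannelProtocolState -Version $v -Side $_ }
} | Format-Table -AutoSize

Write-Host 'Schannel reads these keys at boot; restart the TMG host for the change to take effect.'
```

After the reboot, repeat the external test from the question; if Chrome still reports TLS 1.0, the limiting factor is the TMG 2010 build rather than Schannel, and the article the answer links covers that side. The same `Set-SchannelProtocol` function with `-Enabled $false` is how you would switch off `SSL 2.0` and `SSL 3.0` on the `Server` side once TLS 1.2 is confirmed working, which is the other half of the hardening the answer describes as mandatory.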