You may have recently heard about the Poodle SSL 3.0 vulnerability which allows an attacker to get information from an encrypted session.

This should not affect TMG and UAG but it’s still recommended disabling SSL 3.0 altogether.

To disable SSL 3.0 follow the below steps:

  • Navigate to “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server”
  • Create a DWORD called “Enabled”
  • Set the Value to “0”
  • Restart the TMG Firewall service

Hope this helps J