Outlook 2011 to use SSLV3

Our organization recently disabled SSLv2 on our Forefront TMG box, and all of our Mac's fell off the E-mail wagon, similar to what you describe. The problem isn't disabling SSLv2, as we were able to resolve this problem.

In the same link you posted, http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html , the problem rests in the step of changing SChannel's mode from compatible to strict, which was modified using the following "navigate to HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\ and create a new DWORD value called AllowInsecureRenegoClients set to 0. Restart the TMG firewall for this change to take effect."

As I was methodically going through the settings trying to get our Mac Clients reconnected, as soon as I changed the setting from "0" to "1", my mac immediately connected back to Exchange through the TMG box.

Changing this setting to a "1" will still give your TMG box a rating of an "A-" if you test it against the same test as described in the isaserve.org article.

Note when making this change, all you should need to do is restart the TMG Firewall Service, you should not need to reboot the server.

Here is some more information on what this key setting is supposed to mitigate. http://blogs.technet.com/b/isablog/archive/2013/09/18/isa-2006-tmg-2010-disable-client-initiated-ssl-renegotiation-protecting-against-dos-attacks-and-malicious-data-injection.aspx

I should also note that we have the following setting on our TMG server, and Macs do connect.

 If the DisableRenegoOnServer subkey is present and has any nonzero value

  

o Server initiated renegotiation is not allowed.

   

o The server will not respond to renegotiation requests from the client.