Há várias configurações de registro que você pode fazer, inclusive para habilitar o TLS 1.1 e 1.2 para o TMG 2010, de acordo com link
It’s also a good idea to enable new protocols such as Transport Layer Security (TLS) v1.1 and v1.2 for modern clients that support them. To do this, open the registry and navigate to HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols and create two new keys called TLS 1.1 and TLS 1.2. Under each of these keys create new keys called Client and Server. Within each Client and Server key under TLS 1.1 and TLS 1.2 create DWORD values called DisabledByDefault set to 0 and Enabled set to 1. Restart the TMG firewall for this change to take effect.
O restante dessa página parece ser um trabalho obrigatório para qualquer implantação atual do TMG.