SSL 3.0 is most likely already enabled, what you have to do is disable 2.0 so the first one is the only one accepting the connections. That needs to be changed from the registry on your gateway server, it has nothing to do with TMG or ISA, so go to your gateway server and check the below link which will guide you on the right direction. http://support.microsoft.com/kb/187498 Regards Diego R. Pietruszka From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Wednesday, November 03, 2010 11:01 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] SSL 2.0 vs SSL 3.0 This may be a stupid question, or maybe not. I am ignorant on this topic. Our Development office is looking to do some processing of credit card info on our network. So a third party ran a scan on the public side of our network. One of the things they found was that a couple of our public facing addresses are using SSL 2.0. They want us to discontinue that and use SSL 3.0. The address in question is our Terminal Services Gateway, and it's being presented to the outside world via TMG. It only accepts HTTPS traffic. We're using a commercial SSL cert. I have no idea how to change from SSL 2.0 to 3.0, nor what the ramifications might be if I did make the switch. Any insights? (They found some other vulnerabilities as well, on a separate address. But I want to start with just this one question so as not to muddy the waters. I may follow up with another question or two.) Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC