Crazy situation here. Error happens when an iPad is behind the TMG and is accessing a Citrix netscaler. TLS negotiates in v1 but the iPad being iOS 6 will only work with TLSv1.2 It asks for the change and then there is an Encrypted Alert (21). Put the iPad out on a internet connection without TMG and it works (using TLSv1.2). Does anyone have a clue on this?
iPad sends TLSv1 "Change Cipher Spec" to TMG
then there are two SSL packets transmitted. One each way
TMG sends TLSv1 "Encrypted Alert"(21)
Connection fails at that point.