The options are to either
1) upgrade the existing secure gateway to 8.0.1 as this supports TLS 1.0 and 1.1
2) Build a new secure gateway server (on 8.x) as a separate server and direct all users to this gateway.
3) take the vWorkpsace Web proxy (just the web proxy element) out of the mechanism and use the IIS SSL to secure the traffic.
4) advise users to only use IE