I too am encountering a similar TLS issue with Duo for RDS. I am able to lock the server down to TLS 1.2 and RD Gateway works, but the RD Web fails. Based on my testing, RD Web only passes traffic successfully if TLS 1.0 is enabled on the server.
M...