2008 r2 exchange 2010 ciphers tls iis crypto?

  • Question

  • I've been charged with migrating to Exchange 2016.

    I've also been charged with securing the existing Exchange 2010 platform.

    There are 2 front-end HUB/CAS servers and 3 back-end mailbox servers.

    All are 2008 R2 with the latest updates and CU30.

    One of the main lacking security items on this legacy platform is ciphers; SSL/TLS versions are way behind, and I am not sure of the best way to do this without breaking client access or causing a problem with Exchange itself.

    I've found that the IIS Crypto tool is an easy way to comply with the latest ciphers and TLS/SSL settings.

    Is this true? Any issues with 2008 R2/Exchange 2010 that I should be aware of?

    I'm going to test this in a lab, but that isn't exactly a mirror image of our production env.

    https://dirteam.com/dave/2015/06/07/checking-security-protocols-and-ciphers-on-your-exchange-servers/

    Thursday, March 5, 2020 5:11 PM

All replies

  • Hi

    I have used IISCrypto on Server 2016/Exchange 2016, and it works without an error; however, not on the older servers and Exchange versions.

    Remember that turning on TLS 1.2 on Exchange 2010 requires some configuration.


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 5, 2020 6:36 PM
  • Hi,

    Do you still use TLS 1.0/1.1 in your environment? Do you want to enable TLS 1.2 as recommended?

    As Edward van Biljon mentioned, there are some requirements for Exchange 2010 and Windows Server 2008 R2 for TLS 1.2. You can check this blog for more details: Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

    From the link above, you also can get more information about how to enable TLS 1.2. Please let us know if you need further assistance.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, March 6, 2020 6:10 AM
  • Just checking in to see if the above information was helpful. If you have any questions or need further help on this issue, please feel free to post back.

    Regards,

    Lydia Zhou


    Wednesday, March 11, 2020 8:55 AM
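
An added example, not part of the thread or written by any of its posters: a read-only PowerShell report of the SCHANNEL registry settings that control which SSL/TLS versions a Windows server offers, so the state of each Exchange server can be recorded before and after a change is tried in the lab. On Windows Server 2008 R2, TLS 1.1 and TLS 1.2 are supported but off by default, so "not set" on those rows means the protocol is not in use. The function names are hypothetical, and the script assumes it is run locally in an elevated session.

```powershell
# Added example: read-only report of SCHANNEL protocol settings on the local server.
# Uses only PowerShell 2.0 syntax, the version that ships with Server 2008 R2.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'

function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    # $null means the key or the value is absent, so the OS default applies.
    if (-not (Test-Path -Path $Path)) { return $null }
    $props = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($props -eq $null) { return $null }
    return $props.$Name
}

function Get-SchannelProtocolState {
    foreach ($p in $protocols) {
        foreach ($r in $roles) {
            $path    = "$base\$p\$r"
            $enabled = Get-SchannelValue -Path $path -Name 'Enabled'
            $dbd     = Get-SchannelValue -Path $path -Name 'DisabledByDefault'

            # This report treats any nonzero Enabled value as "enabled",
            # because some tools write 0xffffffff rather than 1.
            if ($enabled -eq $null) { $state = 'not set (OS default)' }
            elseif ($enabled -ne 0) { $state = 'enabled' }
            else                    { $state = 'disabled' }

            New-Object PSObject -Property @{
                Protocol          = $p
                Role              = $r
                Enabled           = $state
                DisabledByDefault = $dbd
            }
        }
    }
}

# Nothing is written to the registry; the output is a table for comparison.
Get-SchannelProtocolState |
    Select-Object Protocol, Role, Enabled, DisabledByDefault |
    Format-Table -AutoSize
```

Saving the output from each HUB/CAS and mailbox server before a change gives a baseline to compare against and to restore from if client access breaks.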