The Outbound servers for the FOPE service currently run 2008 R2.   The TLS ciphersuites available in Schannel for 2008 R2 include both the list at http://msdn.microsoft.com/en-us/library/aa374757(VS.85).aspx as well as the 2 extra cipher suites listed at http://technet.microsoft.com/en-us/library/dd560644(WS.10).aspx

 

Note this is a change as of 10/4/10 as previously the outbound servers were limited to the ciphersuites listed below.  From a technical perspective there should no longer be issues with deferred email due to opportunistic TLS failing when the receiving server decides that the cipher suite picked is not high enough for policy reasons.

  • TLS_RSA_WITH_RC4_128_MD5
  • TLS_RSA_WITH_RC4_128_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_DHE_DSS_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  • TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • TLS_RSA_WITH_NULL_MD5
  • TLS_RSA_WITH_NULL_SHA