<div>
Thank you. &nbsp;This was very helpful. After making the modifications and using the ssllabs.com site I was able to pass my PCI compliance scan.
</div>


Thank you.  This was very helpful. After making the modifications and using the ssllabs.com site I was able to pass my PCI compliance scan.

<div>
<div class="content wysiwyg-content">
We have recently updated to Windows 2012 and Exchange 2013. &nbsp; Since doing so, now my PCI compliance scan for our credit card provider fails. &nbsp;The main failure is that the RC4 cipher is being &nbsp;used as well as TLS 2.0 and 3.0 as well as a SSL/TLS Diffie-Hellman Modulus &lt;= 1024 Bits (LogJam) entry. &nbsp;When I have tried to disable the use of the RC4 and TLS 2.0 and 3.0 I ran into an issue that now my OWA and Activesync sites no longer work. &nbsp;Therefore, I removed the registry entries that I created to attempt to remove the non compliant protocols. &nbsp;Now OWA and Activesync are working again but I am still not compliant on my scan since these &quot;unsafe&quot; protocols are in use.<br />
<br />
Can anyone offer some assistance as to how to disable these protocols correctly and still have my IIS sites for Exchange server working correctly?
</div>
</div>


We have recently updated to Windows 2012 and Exchange 2013.   Since doing so, now my PCI compliance scan for our credit card provider fails.  The main failure is that the RC4 cipher is being  used as well as TLS 2.0 and 3.0 as well as a SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (LogJam) entry.  When I have tried to disable the use of the RC4 and TLS 2.0 and 3.0 I ran into an issue that now my OWA and Activesync sites no longer work.  Therefore, I removed the registry entries that I created to attempt to remove the non compliant protocols.  Now OWA and Activesync are working again but I am still not compliant on my scan since these "unsafe" protocols are in use.

Can anyone offer some assistance as to how to disable these protocols correctly and still have my IIS sites for Exchange server working correctly?

PCI compliance on Exchange 2013/Windows 2012 server

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.