I am having a problem passing PCI compliance scans from Trustwave. What is failing is having TLS 1.0 enabled on our Exchange 2010 server, which is on Windows Server 2008 R2. I downloaded IIS Crypto to help with this, and it helped me disable SSL 2.0, 3.0 and PCT 1.0, so I was able to at least get that far. Now I am left with just TLS 1.0 failing me.
If I disabled TLS 1.0, I could no longer RDP to the server, and the Android and iPhone phones were not able to communicate with the Exchange Server. If I re-enable TLS again, things return to normal with RDP and phones. I figured out how to use RDP with TLS 1.0 disabled by changing the properties of RDP-TCP to use RDP security layer rather than SSL (TLS 1.0). I still can't get phones to work with Exchange with TLS 1.0 disabled, so I have had to leave it.
What is causing Android and iPhones to quit working when TLS 1.0 is disabled?
The attachment shows what Trustwave is finding enabled with TLS 1.0.
Even though I have supplied Trustwave with documentation showing that the two computers processing credit cards are isolated from the Exchange server with a dedicated firewall, they deny my dispute and I am left with a single thing holding me back from being certified. Frustrating.
Is there a way I can tweak my system to work with phones on the Exchange Server with TLS 1.0 disabled?