I see SMTP now supports TLS 1.1 & 1.2 in Exchange 2013 with Cumulative Update 8. However, I cannot find anything from Microsoft that states whether Exchange Web Services (EWS) support TLS beyond 1.0 or not. Would anyone have a link to what TLS versions 2013 supports in EWS? I just cannot find a statement or feature support that lists it.
I would be using Server 2012 R2 which supports TLs 1.1 and 1.2 at the OS level. SO its just the Exchange App I am concerned with.
If your IIS is restricted to use TLS 1.1/2 then any application which is configured in IIS will use only restricted ciphers.
You can use this tool to restrict your IIS to use strong ciphers as well as. One more article from IIS forum same tool is suggested.