The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.
Exchange Server 2013 and official TLS 1.1 / 1.2 support for EWS?
I see SMTP now supports TLS 1.1 & 1.2 in Exchange 2013 with Cumulative Update 8. However, I cannot find anything from Microsoft that states whether Exchange Web Services (EWS) support TLS beyond 1.0 or not. Would anyone have a link to what TLS versions 2013 supports in EWS? I just cannot find a statement or feature support that lists it.
I would be using Server 2012 R2 which supports TLs 1.1 and 1.2 at the OS level. SO its just the Exchange App I am concerned with.
I would be using Server 2012 R2 which supports TLs 1.1 and 1.2 at the OS level. SO its just the Exchange App I am concerned with.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
my understanding is Exchange EWS require TLS1.0 (at least) to continue functioning.
See
https://social.technet.microsoft.com/Forums/office/en-US/f20a358b-b7de-4c6c-a972-7212ab113034/exchange-2010-ews-and-disabling-tls-10?forum=exchangesvrdeploy
and
http://community.spiceworks.com/topic/608560-exchange-2010-poodle-and-security?page=2#entry-4671767
you need to keep track with Microsoft about this topic :)
See
https://social.technet.microsoft.com/Forums/office/en-US/f20a358b-b7de-4c6c-a972-7212ab113034/exchange-2010-ews-and-disabling-tls-10?forum=exchangesvrdeploy
and
http://community.spiceworks.com/topic/608560-exchange-2010-poodle-and-security?page=2#entry-4671767
you need to keep track with Microsoft about this topic :)
Further,
IIS is POODLE free if you follow Microsoft security advice,
https://technet.microsoft.com/en-us/library/security/3009008.aspx?f=255&MSPPError=-2147217396
If you need any support, you should follow the tips in Support section.
From:
http://forums.iis.net/t/1222245.aspx?Poodle+TLS+NOT+ssl+v3+
IIS is POODLE free if you follow Microsoft security advice,
https://technet.microsoft.com/en-us/library/security/3009008.aspx?f=255&MSPPError=-2147217396
If you need any support, you should follow the tips in Support section.
From:
http://forums.iis.net/t/1222245.aspx?Poodle+TLS+NOT+ssl+v3+
This question is about planning our upgrade away from Exchange 2010, not fixing it. Our 2010 server is fully patched and the protocols are configured as FIPS 1. Secure SMTP is OK now, but EWS is stuck at TLS 1.0 and that seems unlikely to change.
We were looking to migrate to Exchange 2013 in the next month or two. But we cannot determine whether EWS in Exchange 2013 supports TLS 1.1/1.2 or not? If not, then a move to 2013 may not meet our requirements and we will need to look at other possibilities.
We were looking to migrate to Exchange 2013 in the next month or two. But we cannot determine whether EWS in Exchange 2013 supports TLS 1.1/1.2 or not? If not, then a move to 2013 may not meet our requirements and we will need to look at other possibilities.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
This is what I seem to find as well. I have found other with 2013 listing issues with this support lacking as well. No word from Microsoft on EWS supporting 1.1/1.2 in the future anywhere I have looked.
Follow Up
TLS 1.1/1.2 support for HTTP and SMTP (but not POP3 or IMAP) was added in Update Rollup 9 for Microsoft Exchange Server 2010 Service Pack 3 (SP3) was released on March 17, 2015. See: https://support.microsoft.com/en-us/kb/3030085
Support for TLS 1.1/1.2 was also added in Exchange 2013 CU8.
Exchange 2016 and Office 365 appear to support TLS 1.1/1.2 on all services from what I have read in a few places, but I do not have an official Microsoft link to verify that yet.
The Technet blog post "Exchange TLS & SSL Best Practices" was published on 27 Jul 2015 with details on TLS support, requirements and recommendations for each service.
See: http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx
There are some few pre-requisites to this working end to end.
TLS 1.1/1.2 support for HTTP and SMTP (but not POP3 or IMAP) was added in Update Rollup 9 for Microsoft Exchange Server 2010 Service Pack 3 (SP3) was released on March 17, 2015. See: https://support.microsoft.com/en-us/kb/3030085
Support for TLS 1.1/1.2 was also added in Exchange 2013 CU8.
Exchange 2016 and Office 365 appear to support TLS 1.1/1.2 on all services from what I have read in a few places, but I do not have an official Microsoft link to verify that yet.
The Technet blog post "Exchange TLS & SSL Best Practices" was published on 27 Jul 2015 with details on TLS support, requirements and recommendations for each service.
See: http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx
There are some few pre-requisites to this working end to end.
Exchange must running on Windows Server 2008 R2 (2008 must be R2) or above.
The MAPI client must run on Windows 8.1 or later.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
-
Business CommunicationCertification: PMI ACP Project Management Institute Agile Certified Pra… 283 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2007 Adva… 188 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2013 Par… 191 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
If your IIS is restricted to use TLS 1.1/2 then any application which is configured in IIS will use only restricted ciphers.
You can use this tool to restrict your IIS to use strong ciphers as well as. One more article from IIS forum same tool is suggested.