• Status: Solved

Disable SSL on Exchange

We are running Exchange 2010 SP3 RU12, and I'm trying to determine if disabling SSL on the server and client is acceptable without breaking anything. From what I have read it seems that everything should be fine, but I'm trying to get an opinion from others that may have done this.
Asked:
timgreen7077
 
Kimputer Commented:
It will work. It's just that when someone uses a public wifi (or any other network that's not their home or office connection), the traffic can be decoded quite easily (meaning, no privacy, all the email can be read in an instant). This obviously requires a hacker on that same foreign network.
0
 
timgreen7077 (Exchange Engineer, Author) Commented:
This may be above my original question, but have you ever done this, and what steps did you follow? If this is above the original question and you choose not to answer, I understand.
0
 
El Fierro (Network Engineer) Commented:
You will encounter issues...
An Exchange server that hosts the Client Access server role has SSL required by default for services such as:

    Outlook Web App (OWA)
    ActiveSync (mobile device access)
    Exchange Web Services
    Outlook Anywhere (aka RPC over HTTPS)

May we know why you want to disable SSL?
0
 
timgreen7077 (Exchange Engineer, Author) Commented:
The security team sees it as a vulnerability. We will continue using TLS but they want to remove SSL.
0
 
El Fierro (Network Engineer) Commented:
The only issue I encountered by a 3rd party security auditing was that my SSL had to 1024 bit encryption instead of 2048. The auditor also gave us crap about it not being bought from a "trusted" seller. That was resolved by showing them that our Exchange SSL was bought from an authorized GoDaddy reseller. I'm curious, why is it a vulnerability from their view?
0
 
timgreen7077 (Exchange Engineer, Author) Commented:
Our SSL cert is also from a 3rd party and it is 2048, but they want to disable SSL on the server side and client side of Exchange. It's also because of auditing. I have a call into Microsoft to see what they say also. I'm also curious about what you guys say here at the exchange.
0
 
El Fierro (Network Engineer) Commented:
Well Tim, you need it as shown on the list. Prior to Exchange 07 it wasn't required, but you will encounter various authentication issues and errors on the client side, just to name a couple. You would think they'd know and tell you more about disabling SSL on Exchange. I've never heard of anyone saying you have to disable SSL unless they ask you to replace it... unless you don't require external access, then you can use a self-signed SSL.
0
 
timgreen7077 (Exchange Engineer, Author) Commented:
I have reached out to Microsoft on this and disabling SSL will not cause an issue. They actually sent me a link with instructions and via multiple emails assured me that it will not affect anything. Only devices that rely on SSL 2.0 or 3.0 will be affected, but generally most devices now understand TLS, so disabling SSL will be fine. See link:

https://blogs.technet.microsoft.com/samdrey/2014/10/17/vulnerability-in-ssl-3-0-poodle-attack-and-exchange-2010-or-exchange-2013/
0
 
timgreen7077 (Exchange Engineer, Author) Commented:
After communicating with Microsoft they assured me that disabling SSL will not cause any issues other than devices that only speak SSL but that is rare.
0
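
The thread settles on disabling SSL 2.0 and 3.0 on both the server and client side while keeping TLS. The following is an added example, not code from the thread or from the linked Microsoft post: it audits the Windows SCHANNEL protocol registry keys and, only when run with `-Apply`, disables SSL 2.0/3.0 after confirming a TLS version is still available. The `-Apply` switch and the function name are this script's own; the registry layout is assumed to be the standard SCHANNEL one.

```powershell
# Added example: audit SCHANNEL protocol state; with -Apply, disable SSL 2.0/3.0.
param([switch]$Apply)

$base  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$roles = 'Server', 'Client'    # the thread asks about both sides

function Get-ProtocolState {
    param([string]$Protocol, [string]$Role)
    $key = Join-Path (Join-Path $base $Protocol) $Role
    $enabled = $null
    if (Test-Path $key) {
        $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    }
    # A missing key or value means "operating system default", not "disabled".
    if ($null -eq $enabled) { return 'OS default' }
    if ($enabled -eq 0)     { return 'Disabled' }
    return 'Enabled'
}

$report = foreach ($p in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($r in $roles) {
        New-Object PSObject -Property @{ Protocol = $p; Role = $r; State = (Get-ProtocolState $p $r) }
    }
}
$report | Format-Table Protocol, Role, State -AutoSize

if ($Apply) {
    # Stop if every TLS version is explicitly disabled for a role: removing SSL
    # would then leave that side with no protocol to negotiate.
    foreach ($r in $roles) {
        $tls = $report | Where-Object { $_.Protocol -like 'TLS*' -and $_.Role -eq $r -and $_.State -ne 'Disabled' }
        if (-not $tls) { throw "Every TLS version is disabled for $r; not disabling SSL." }
    }
    foreach ($p in 'SSL 2.0', 'SSL 3.0') {
        foreach ($r in $roles) {
            $key = Join-Path (Join-Path $base $p) $r
            # Create the key only if absent so existing values are left untouched.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
    Write-Output 'SSL 2.0 and SSL 3.0 disabled for Server and Client. Restart the server for the change to take effect.'
}
```

Run it without `-Apply` first and keep the printed table as the before-state for the audit record; the "OS default" rows depend on the Windows version hosting Exchange.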