Avatar of Eprs_Admin
Eprs_Admin
Flag for Austria asked on

harden EXCH2013

Hi Experts,

I have a new EXCH2013 installation.
Now I have to harden this server because it has direct connectivity to outside users (OWA)
I have checked my connection, with www.ssllabs.com
This connection is terrible and has a F rating.

How to bring it to A or A+ ?
SSL3.0 is already disabled but what about the rest ?
ExchangeWindows Server 2012Security

Avatar of undefined
Last Comment
Eprs_Admin

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Scott C

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Tom Cieslik

The question is what is the rest ?
Without seeing your report it's hard to say what else you can do.
 Certificate?
DKIM ?
etc..
Eprs_Admin

ASKER
Here is my Rating, see the picture.
This is the rating of the server with OWA.

F Rating
Eprs_Admin

ASKER
...and to fix insecure Renegotiation on EXCH2013 ?
Your help has saved me hundreds of hours of internet surfing.
fblack61
SOLUTION
David Johnson, CD

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Eprs_Admin

ASKER
ok I will check this tool
In the meantime I have set some configuration on my firewall for the specific virtual IP.