Exchange 2013 and TLS 1.1/1,2

Question

I have Exchange 2013 on Windows 2012R2 server. Everything is patched and up to date.

Recently out PCI scanner has required that TLS 1.0 not be used to pass compliance. So using Qualys IIS Crypto I used the PCI template and unchecked TLS 1.0. Restart the server. After restart I can get to OWA just fine. It shows using TLS 1.2. However if I login it I get a blank page.

If I try Outlook 2013 it will not load the profile. If I try to test the AutoConfiguration I get unable to determine settings.

If I go back recheck TLS 1.0 and reboot, everything works fine again.

Am I missing something?

Went from CU7 to CU8, same result – T3chn0crat Apr 25 '15 at 22:15 — T3chn0crat, Apr 25 '15 at 22:15

score 1 · Answer 1 · answered Jun 15 '15 at 16:35

I have engaged Microsoft regarding this issue. Here is their response:

Disabling TLS 1.0 on Exchange is unsupported. Solution is to keep TLS 1.0 enabled on Exchange Server.

An article will be released publicly at the earliest. Kindly update your client accordingly and feel free to reply back with queries.

Regards, Ramakrishnan M Microsoft Exchange Client Server Interface

score 0 · Answer 2 · answered Jun 05 '17 at 15:20

0

Exchange 2013 CU17 is due to be released in June 2017 and will contain TLS 1.2 support.

More info here: https://blogs.technet.microsoft.com/exchange/2017/03/21/released-march-2017-quarterly-exchange-updates/

answered Jun 05 '17 at 15:20

Reado

702
2
10
25

Exchange 2013 and TLS 1.1/1,2

2 Answers2