Does EWS connection supports TLS 1.2

Question

I am not an expert on EWS or TLS 1.2. And I am not sure on how to investigate on this issue.

Basically, I have client application that is heavily using EWS, in a form of pulling data from Exchange server and receiving notifications on subscribed topics from Exchange server.

I have a question from client that I am working for. Does EWS connection, that I use from client app to Exchange server supports TLS 1.2?

Exchange servers can be both 2010 and 2013.

I am not sure how I can confirm this, or this is supported by default.

Any advices or suggestions are welcome.

EDIT:

Client application is written in JavaScript.

The endpoint for Exchange server is https://outlook.office365.com/EWS/Exchange.asmx

As obvious it is https endpoint. Does this means that is is already working well under TLS 1.2 compliance?

Answer 1

TLS is done at the transport layer so for EWS the support depends on the underlying IIS setting. For Office365, the answer is yes (see here).

HTTPS (OWA, Outlook, EWS, Remote PS, etc.) – The support for TLS 1.1 and 1.2 is based on the support in IIS itself. Windows 2008 R2 or later supports both TLS 1.1 and 1.2, though the specific version of Windows may have these disabled or enabled by default. There is another important caveat here: the HTTPS proxy between CAS and Mailbox requires TLS 1.0 in current versions of Exchange Server – so disabling TLS 1.0 between CAS and Mailbox causes the proxy to fail. This is also something we have addressed in the Exchange 2016 Preview. We hope to make this available in a future CU, or you can make a request for it via Support. If you have dedicated roles, you can technically disable TLS 1.0 between the client & CAS, but we still are not recommending this. Office 365 already supports TLS 1.1 & 1.2, if the client supports them.

Put basically the client endpoint support TLS 1.2 so as long as your client supports it you should be good.

Cheers Glen