Does not support TLS

create share 661 Reputation points
2020-11-07T01:01:59.503+00:00

Hi,

We have a single Exchange 2013 Server with CU23 installed. When we are checking the security of the server from the internet, it says "does not support TLS". How can we check if our server has TLS enabled for incoming and outgoing connections?

Thanks.

Exchange Server Management

1 answer

  1. Lydia Zhou - MSFT 2,376 Reputation points Microsoft Employee
    2020-11-09T03:07:04.603+00:00

    @create share

    On Exchange server, protocol logging records the SMTP conversations that occur between messaging servers as part of message delivery. They will contain the encryption protocol and other encryption-related information used during the exchange of email between two systems.

    When the server is the SMTP receiving system, the following strings exist in the log depending on the version of TLS used.

    • TLS protocol SP_PROT_TLS1_0_SERVER
    • TLS protocol SP_PROT_TLS1_1_SERVER
    • TLS protocol SP_PROT_TLS1_2_SERVER

    When the server is the SMTP sending system, the following strings exist in the log depending on the version of TLS used.

    • TLS protocol SP_PROT-TLS1_0_CLIENT
    • TLS protocol SP_PROT-TLS1_1_CLIENT
    • TLS protocol SP_PROT-TLS1_2_CLIENT

    By default, protocol logging is disabled on all Send connectors and Receive connectors. You can use the following command to enable specific connectors:

    Set-ReceiveConnector "<ConnectorIdentity>" -ProtocolLoggingLevel Verbose  
    Set-SendConnector "<ConnectorIdentity>" -ProtocolLoggingLevel Verbose  
    

    Additionally, please also check the Registry Editor to make sure TLS 1.0/1.1/1.2 is enabled. Since some organizations may only accept inbound network connections with TLS 1.2, it's suggested to enable TLS 1.2 as well.
    For your reference: Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
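
Once protocol logging is enabled as described in the answer, the TLS strings it lists can be counted per connector. The following PowerShell is an added example, not part of the original answer or Microsoft's tooling: the log lines are constructed samples, the column order is an assumption taken from the `#Fields` header in the sample, and `Get-SmtpTlsSummary` is a hypothetical helper name.

```powershell
# Constructed sample lines in the style of an Exchange SMTP protocol log (not real traffic).
# Assumed column order: date-time,connector-id,session-id,sequence-number,
# local-endpoint,remote-endpoint,event,data,context
$sampleLog = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-11-09T03:10:00.100Z,EX01\Default Frontend EX01,08D8000000000001,4,192.0.2.10:25,198.51.100.7:50211,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded"
2020-11-09T03:11:12.200Z,EX01\Default Frontend EX01,08D8000000000002,4,192.0.2.10:25,198.51.100.9:50344,*,,"TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded"
2020-11-09T03:12:30.300Z,Outbound to Internet,08D8000000000003,6,192.0.2.10:61000,203.0.113.25:25,*,,"TLS protocol SP_PROT-TLS1_2_CLIENT negotiation succeeded"
2020-11-09T03:13:05.400Z,EX01\Default Frontend EX01,08D8000000000004,3,192.0.2.10:25,198.51.100.7:50299,<,EHLO mail.example.net,
'@

function Get-SmtpTlsSummary {
    param([Parameter(Mandatory)][string[]]$Line)
    $fields = 'DateTime','Connector','Session','Sequence','Local','Remote','Event','Data','Context'
    # Accept "_" or "-" after SP_PROT, since both spellings appear in the answer above.
    $pattern = 'SP_PROT[_-]TLS(?<major>\d)_(?<minor>\d)_(?<role>SERVER|CLIENT)'
    $Line | Where-Object { $_ -and -not $_.StartsWith('#') } |   # skip blank and header lines
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            if ("$($_.Data) $($_.Context)" -match $pattern) {
                [pscustomobject]@{
                    Connector = $_.Connector
                    Direction = if ($Matches.role -eq 'SERVER') { 'Inbound' } else { 'Outbound' }
                    Tls       = "$($Matches.major).$($Matches.minor)"
                }
            }
        } |
        Group-Object Connector, Direction, Tls |                 # one row per connector/direction/version
        ForEach-Object {
            [pscustomobject]@{
                Connector = $_.Group[0].Connector
                Direction = $_.Group[0].Direction
                Tls       = $_.Group[0].Tls
                Sessions  = $_.Count
            }
        }
}

Get-SmtpTlsSummary -Line ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

To run it against a real server, pass the output of `Get-Content` on a protocol log file instead of `$sampleLog`. A connector that carried logged sessions but is missing from the summary negotiated no TLS in them, and one that never shows a 1.2 row is the one to compare against the registry settings mentioned in the answer.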

