SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Veronica N 1 Reputation point
2021-06-15T12:24:15.753+00:00

We are having this vulnerability on a Windows 2012 server that has Exchange 2016 installed. It is a hybrid server. Is it safe to disable RC4 on Exchange servers? I have not been able to get clear info regarding the process to disable it for Exchange servers. Please help.

Microsoft Exchange Hybrid Management

2 answers

  1. Andy David - MVP 148.2K Reputation points MVP
    2021-06-15T12:41:21.017+00:00

    Enable TLS 1.2 and those ciphers won't be used:
    https://docs.digicert.com/certificate-tools/discovery-user-guide/tlsssl-endpoint-vulnerabilities/rc4-cipher-enabled/

    You can follow this guidance for Exchange to do that:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

    It's three parts, so go through each section carefully and test.

  2. KyleXu-MSFT 26,261 Reputation points
    2021-06-16T01:25:57.26+00:00

    @Veronica N

    Here is also a blog which suggests disabling RC4 ciphers:



