We’ve also significantly hardened the cipher suites that we accept across our entire enterprise and have had no significant issues. Currently running Exchange 2010 SP3 RU8

Here is our current cipher suite list (in order of preference)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Once we have SSL certs that support ECDSA we will add those to our list. We also anticipate that we will drop support for 3DES and AES 128 within the next 12-18 months (if not sooner). TLS 1.0 is probably a bit further down the road (18-24 months) though I can see that one hanging on longer as we work to get rid of older clients and code.

/jim

-----
James Rupprecht
IT Architect, Enterprise Systems
The University of Kansas
Information Technology
Office: +1 785 864-0116
Mobile: +1 785 550-6100
E-mail: [email protected]
Lync: [email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall
Sent: Monday, June 22, 2015 1:22 PM
To: [email protected]
Subject: Re: [Exchange] SSLv3, TLS 1.0 and RC4 on Exchange

Thank you.

On Mon, Jun 22, 2015 at 2:11 PM, Fusco, Brendan <[email protected]> wrote:

We disabled SSLv3 a while back with no negative impact. Be careful with TLS 1.0 - https://support.microsoft.com/en-us/kb/3029667

Brendan A. Fusco
Sr. Systems Engineer
DePaul University, Information Services

From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall
Sent: Monday, 22 June, 2015 12:41 PM
To: [email protected]
Subject: [Exchange] SSLv3, TLS 1.0 and RC4 on Exchange

Anyone know of repercussions if these are disabled on Exchange 2010 SP3 UR8-v2?
