Thank you very much. By chance, is ADFS 2.0 included in the list of applications where you disabled TLS 1.0?
On Mon, Jun 22, 2015 at 3:01 PM, Rupprecht, James R. <[email protected]> wrote: > We’ve also significantly hardened the cipher suites that we accept > across our entire enterprise and have had no significant issues. Currently > running Exchange 2010 SP3 RU8 > > > > Here is our current cipher suite list (in order of preference) > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521 > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 > > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 > > TLS_RSA_WITH_AES_256_CBC_SHA256 > > TLS_RSA_WITH_AES_256_CBC_SHA > > TLS_RSA_WITH_AES_128_CBC_SHA256 > > TLS_RSA_WITH_AES_128_CBC_SHA > > TLS_RSA_WITH_3DES_EDE_CBC_SHA > > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 > > TLS_DHE_DSS_WITH_AES_256_CBC_SHA > > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 > > TLS_DHE_DSS_WITH_AES_128_CBC_SHA > > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > > > > Once we have SSL certs that support ECDSA we will add those to our list. > We also anticipate that we will drop support for 3DES and AES 128 within > the next 12-18 months (if not sooner). TLS 1.0 is probably a bit further > down the road (18-24 months) though I can see that one hanging on longer as > we work to get rid of older clients and code. > > > > /jim > > > > > > ----- > > James Rupprecht > > IT Architect, Enterprise Systems > > The University of Kansas Information Technology > > Office: +1 785 864-0116 <+17858640116> > > Mobile: +1 785 550-6100 <+17855506100> > > E-mail: [email protected] > > Lync: [email protected] > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Richard Stovall > *Sent:* Monday, June 22, 2015 1:22 PM > *To:* [email protected] > *Subject:* Re: [Exchange] SSLv3, TLS 1.0 and RC4 on Exchange > > > > Thank you. > > > > On Mon, Jun 22, 2015 at 2:11 PM, Fusco, Brendan <[email protected]> > wrote: > > We disabled SSLv3 a while back with no negative impact. > > > > Be careful with TLS 1.0 - https://support.microsoft.com/en-us/kb/3029667 > > > > Brendan A. Fusco > > Sr. Systems Engineer > > DePaul University, Information Services > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Richard Stovall > *Sent:* Monday, 22 June, 2015 12:41 PM > *To:* [email protected] > *Subject:* [Exchange] SSLv3, TLS 1.0 and RC4 on Exchange > > > > Anyone know of repercussions if these are disabled on Exchange 2010 SP3 > UR8-v2? > > > > >
