I will explain how you can configure Transport Layer Security (TLS) on Exchange Server. I also created a tool to make this process easier, and I will share its details through the PowerShell script.
About Configuring Exchange Server TLS
Exchange Server uses TLS protocols to ensure secure data communication. However, Exchange Server 2019 does not yet support TLS 1.3. Therefore, in this article, we will focus on enabling TLS 1.2 and disabling older versions.
TLS 1.2 reduces security vulnerabilities and offers stronger encryption methods to ensure data integrity. Enabling TLS 1.2 in Exchange Server 2019 increases your system security while ensuring compliance and data protection.
Exchange Server TLS Configuration Script
The script automates enabling TLS 1.2 and disabling the older TLS versions on the computer. Note that there is no support for TLS 1.3, so this option is not available in the script.
- Display-Menu Function: Prints the menu on the screen and offers the user 3 options.
- Enable-TLS12 Function: Enables TLS 1.2.
- Disable-OtherTLSVersions Function: Disables the older TLS versions (TLS 1.0 and TLS 1.1).
- Main Loop: Lets the user select an option and runs the matching function.
```powershell
<#
=============================================================================================
Name = Cengiz YILMAZ
Microsoft Certified Trainer (MCT) - Microsoft MVP
Date = 18.08.2022
www.cengizyilmaz.net
365gurusu.com
www.cozumpark.com/author/cengizyilmaz
============================================================================================
#>

# Prints the menu with the three available options
Function Display-Menu {
    param (
        [string]$Title = 'TLS Configuration Menu'
    )
    Clear-Host
    Write-Host "=============== $Title ================" -ForegroundColor Cyan
    Write-Host '1: Enable TLS 1.2' -ForegroundColor Green
    Write-Host '2: Disable Other TLS Versions' -ForegroundColor Yellow
    Write-Host '3: Exit' -ForegroundColor Red
}

Function Enable-TLS12 {
    $RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
    $Net45Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $Net45Path_WOW64 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    $Net35Path_WOW64 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
    $Net35Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'
    $StrongCrypto = 'SchUseStrongCrypto'
    $DefaultTlsVersion = 'SystemDefaultTlsVersions'

    # Enable strong crypto and system default TLS versions on .NET Framework 4.5 and 3.5.
    # Both values belong under the .NET Framework keys and are written as DWORDs.
    foreach ($NetPath in $Net45Path, $Net45Path_WOW64, $Net35Path, $Net35Path_WOW64) {
        if (-not (Test-Path $NetPath)) { New-Item -Path $NetPath -Force | Out-Null }
        Set-ItemProperty -Path $NetPath -Name $StrongCrypto -Value 1 -Type DWord
        Set-ItemProperty -Path $NetPath -Name $DefaultTlsVersion -Value 1 -Type DWord
    }

    # Enable TLS 1.2 (create the protocol key first, since it may not exist yet)
    if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
    New-ItemProperty -Path $RegPath -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force
    Write-Host "TLS 1.2 Enabled" -ForegroundColor Green
}

Function Disable-OtherTLSVersions {
    $TLS10Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
    $TLS11Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'

    # Create the protocol keys if they are missing, otherwise New-ItemProperty fails
    foreach ($Path in $TLS10Server, $TLS11Server) {
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    }

    # Disable TLS 1.0
    New-ItemProperty -Path $TLS10Server -Name 'Enabled' -Value 0 -PropertyType 'DWord' -Force
    # Disable TLS 1.1
    New-ItemProperty -Path $TLS11Server -Name 'Enabled' -Value 0 -PropertyType 'DWord' -Force
    Write-Host "Other TLS versions have been disabled" -ForegroundColor Yellow
}

# Main loop: show the menu and act on the user's selection until Exit is chosen
$exitLoop = $false
while ($exitLoop -eq $false) {
    Display-Menu
    $choice = Read-Host "Please make a selection"
    switch ($choice) {
        '1' {
            Enable-TLS12
        }
        '2' {
            Disable-OtherTLSVersions
        }
        '3' {
            Write-Host "Exiting..." -ForegroundColor Red
            $exitLoop = $true
            break
        }
    }
    if ($exitLoop -eq $false) {
        Write-Host 'Press any key to continue ...' -ForegroundColor Magenta
        $null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    }
}
```
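To confirm the result after running both menu options, the following added example (not part of the original script) reads back the same registry values and flags any that are missing, stored with the wrong type, or set to a different value. The function name `Test-TlsRegistryState` is hypothetical, and the expected values assume the state the script is meant to produce.

```powershell
# Added example: audit the registry values the configuration script is meant to set.
# Test-TlsRegistryState is a hypothetical helper name, not part of the original script.
function Test-TlsRegistryState {
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    $netRoots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework'

    # Expected state (assumption: both menu options of the script have been run)
    $expected = @(
        @{ Path = "$schannel\TLS 1.0\Server"; Name = 'Enabled'; Want = 0 }
        @{ Path = "$schannel\TLS 1.1\Server"; Name = 'Enabled'; Want = 0 }
        @{ Path = "$schannel\TLS 1.2\Server"; Name = 'Enabled'; Want = 1 }
    )
    foreach ($root in $netRoots) {
        foreach ($ver in 'v4.0.30319', 'v2.0.50727') {
            foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
                $expected += @{ Path = "$root\$ver"; Name = $name; Want = 1 }
            }
        }
    }

    foreach ($e in $expected) {
        $status = 'OK'; $actual = $null; $kind = $null
        $key = Get-Item -LiteralPath $e.Path -ErrorAction SilentlyContinue
        if (-not $key) {
            $status = 'KeyMissing'
        } elseif ($key.GetValueNames() -notcontains $e.Name) {
            $status = 'ValueMissing'
        } else {
            $actual = $key.GetValue($e.Name)
            $kind   = $key.GetValueKind($e.Name)
            # These values are documented as DWORD; a string '1' is reported as WrongType
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $status = 'WrongType' }
            elseif ($actual -ne $e.Want) { $status = 'Mismatch' }
        }
        [pscustomobject]@{
            Path = $e.Path; Name = $e.Name; Expected = $e.Want
            Actual = $actual; Type = $kind; Status = $status
        }
    }
}

Test-TlsRegistryState | Format-Table -AutoSize
```

The function only reads the registry. Schannel protocol changes take effect after the server is restarted.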