Configuring Exchange Server TLS

I will explain how you can configure Transport Layer Security (TLS) on Exchange Server. I also created a tool to make this process easier, and I will share its details in the form of a PowerShell script.

About Configuring Exchange Server TLS

Exchange Server uses TLS protocols to ensure secure data communication. However, Exchange Server 2019 does not yet support TLS 1.3. Therefore, in this article, we will focus on enabling TLS 1.2 and disabling older versions.

TLS 1.2 reduces security vulnerabilities and offers stronger encryption methods to ensure data integrity. Enabling TLS 1.2 in Exchange Server 2019 increases your system security while ensuring compliance and data protection.

Exchange Server TLS Configuration Script

The script automates enabling TLS 1.2 and disabling other older TLS versions on the computer. Note that there is no support for TLS 1.3, so this option is not available in the script.

  1. Display-Menu Function: Prints the menu on the screen and offers the user 3 options.
  2. Enable-TLS12 Function: Enables TLS 1.2.
  3. Disable-OtherTLSVersions Function: Disables other older TLS versions.
  4. Main Loop: It allows the user to select an option and the script to act accordingly.
<#
=============================================================================================
Name = Cengiz YILMAZ
Microsoft Certified Trainer (MCT) - Microsoft MVP
Date = 18.08.2022
www.cengizyilmaz.net
365gurusu.com
www.cozumpark.com/author/cengizyilmaz
============================================================================================
#>
Function Display-Menu {
    param (
        [string]$Title = 'TLS Configuration Menu'
    )
    Clear-Host
    Write-Host "=============== $Title ================" -ForegroundColor Cyan
    Write-Host '1: Enable TLS 1.2' -ForegroundColor Green
    Write-Host '2: Disable Other TLS Versions' -ForegroundColor Yellow
    Write-Host '3: Exit' -ForegroundColor Red
}

Function Enable-TLS12 {
    $RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
    $Net45Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $Net45Path_WOW64 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    $Net35Path_WOW64 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
    $Net35Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'
    $StrongCrypto = 'SchUseStrongCrypto'
    $DefaultTlsVersion = 'SystemDefaultTlsVersions'

    foreach ($NetPath in $Net45Path, $Net45Path_WOW64, $Net35Path_WOW64, $Net35Path) {
        # Create the key if it is missing so the writes below cannot fail
        if (-not (Test-Path $NetPath)) { New-Item -Path $NetPath -Force | Out-Null }

        # Enable strong crypto on .NET Framework 4.5 and 3.5 (written as a DWORD)
        Set-ItemProperty -Path $NetPath -Name $StrongCrypto -Value 1 -Type DWord

        # Set system default TLS versions for both 4.5 and 3.5
        # (this value belongs under the .NET Framework keys, not under SCHANNEL)
        Set-ItemProperty -Path $NetPath -Name $DefaultTlsVersion -Value 1 -Type DWord
    }

    # The SCHANNEL protocol key may not exist yet; New-ItemProperty does not create it
    if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }

    # Enable TLS 1.2
    New-ItemProperty -Path $RegPath -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force
    Write-Host "TLS 1.2 Enabled" -ForegroundColor Green
}

Function Disable-OtherTLSVersions {
    $TLS10Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
    $TLS11Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'

    # The protocol keys may not exist yet; New-ItemProperty does not create them
    foreach ($Path in $TLS10Server, $TLS11Server) {
        if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    }

    # Disable TLS 1.0
    New-ItemProperty -Path $TLS10Server -Name 'Enabled' -Value 0 -PropertyType 'DWord' -Force

    # Disable TLS 1.1
    New-ItemProperty -Path $TLS11Server -Name 'Enabled' -Value 0 -PropertyType 'DWord' -Force

    Write-Host "Other TLS versions have been disabled" -ForegroundColor Yellow
}

$exitLoop = $false

while ($exitLoop -eq $false) {
    Display-Menu
    $choice = Read-Host "Please make a selection"
    
    switch ($choice) {
        '1' {
            Enable-TLS12
        }
        '2' {
            Disable-OtherTLSVersions
        }
        '3' {
            Write-Host "Exiting..." -ForegroundColor Red
            $exitLoop = $true
            break
        }
    }
    
    if ($exitLoop -eq $false) {
        Write-Host 'Press any key to continue ...' -ForegroundColor Magenta
        $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    }
}
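
To check the result without changing anything, the following read-only audit reads back the registry values the script is meant to write. It is an added example, not part of the original script. The function names Test-RegValue and Get-TlsRegistryState and the expected values are assumptions taken from the script's intent, and the Client subkeys are listed only for visibility, since the script writes the Server subkeys.

```powershell
# Added example: read-only audit; function names are hypothetical, not from the script.
function Test-RegValue {
    param([string]$Key, [string]$Name, [int]$Expected)
    $item    = Get-Item -Path $Key -ErrorAction SilentlyContinue
    $present = $item -and ($item.GetValueNames() -contains $Name)
    $value   = if ($present) { $item.GetValue($Name) } else { $null }
    $kind    = if ($present) { $item.GetValueKind($Name) } else { $null }
    # The value must be a DWORD with the expected data; a REG_SZ '1' counts as a mismatch.
    $ok      = ($kind -eq 'DWord') -and ($value -eq $Expected)
    # 'not set' means the key or value is absent, so the OS/.NET default applies.
    $state   = if (-not $present) { 'not set' } elseif ($ok) { 'ok' } else { 'mismatch' }
    [pscustomobject]@{ Key = $Key; Name = $Name; Value = $value; Kind = $kind
                       Expected = $Expected; State = $state }
}

function Get-TlsRegistryState {
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    # Expected 'Enabled' data once both menu options have been run
    $expected = [ordered]@{ 'TLS 1.0' = 0; 'TLS 1.1' = 0; 'TLS 1.2' = 1 }

    foreach ($proto in $expected.Keys) {
        # SCHANNEL keeps separate Server and Client subkeys per protocol
        foreach ($role in 'Server', 'Client') {
            Test-RegValue -Key "$schannel\$proto\$role" -Name 'Enabled' -Expected $expected[$proto]
        }
    }

    # .NET Framework 4.x and 3.5 keys, in both the 64-bit and the 32-bit registry view
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') {
        foreach ($ver in 'v4.0.30319', 'v2.0.50727') {
            foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
                Test-RegValue -Key "$root\.NETFramework\$ver" -Name $name -Expected 1
            }
        }
    }
}

Get-TlsRegistryState | Format-Table Key, Name, Value, Kind, Expected, State -AutoSize
```

SCHANNEL registry changes take effect after a restart, so a value reported as ok is only active once the server has been rebooted.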
