Today we are announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previousl...
Updated Jun 12, 2020
Version 1.0
Blog Post
LukasSMSFT
Microsoft
MicrosoftExchange 2019 use TLS 1.2 only with a customized set of cipher suites and hashing algorithms by default (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-2019-now-available/ba-p/608610). We have removed legacy ciphers and hashing algorithms by default. This is not the case when it comes to Exchange 2016. It's possible and recommended to disable weak ciphers and hashing algorithms. There is an EHLO blog post from 2015 talking about this: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-tls-038-ssl-best-practices/ba-p/603798
Deprecation enforcement of TLS 1.0 and 1.1 is currently paused due to SARS-CoV-2 (COVID-19). There are millions of users using Microsoft 365 services and we need to make sure, that everybody have enough time to prepare for the deprecation of TLS 1.0/1.1 .
Getting rid of TLS 1.0/1.1 is a process that requires time and careful planning. If there are for example Windows 7 / Server 2008 R2 OS in place (hopefully not ;)), you need to make sure that TLS 1.2 is enabled as default for WinHTTP (https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi).
Failure to plan carefully means that some users may no longer be able to access the service.