Hello
Looking at the ExchangeSetup.log, I found this:
[10/20/2016 21:36:43.0445] [1] Executing:
# Script logged by Exchange setup: it writes the Schannel per-protocol "Server" settings
# and then a cipher-suite order policy value. Only the \Server subkeys are written in this
# excerpt; no \Client subkeys appear here.
# NOTE(review): the quote characters below are typographic (“ ” ″). The double prime (″) is
# not a PowerShell string delimiter, so the excerpt as rendered is unlikely to parse if
# pasted. Presumably the original log has plain ASCII quotes; confirm against the file.
$keyPathRoot = “HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols”;

# SSL 2.0, server side: create the key if missing, then set Enabled = 0 (protocol off).
$keyPath = $keyPathRoot + “\SSL 2.0\Server”;
if (!(Test-Path $keyPath))
{
New-Item -path $keyPathRoot”\SSL 2.0″ -ItemType key -Name “Server” -Force;
}
Set-ItemProperty -path $keyPath -name “Enabled” -value 0x0 -Type DWORD -Force;

# SSL 3.0, server side: same pattern, Enabled = 0.
$keyPath = $keyPathRoot + “\SSL 3.0\Server”;
if (!(Test-Path $keyPath))
{
New-Item -path $keyPathRoot”\SSL 3.0″ -ItemType key -Name “Server” -Force;
}
Set-ItemProperty -path $keyPath -name “Enabled” -value 0x0 -Type DWORD -Force;

# TLS 1.0, server side: Enabled = 1, so TLS 1.0 is explicitly left ON. No
# DisabledByDefault value is written for it here. A hardening baseline that retires
# TLS 1.0 has to change this separately.
$keyPath = $keyPathRoot + “\TLS 1.0\Server”;
if (!(Test-Path $keyPath))
{
New-Item -path $keyPathRoot”\TLS 1.0″ -ItemType key -Name “Server” -Force;
}
Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;

# TLS 1.1, server side: Enabled = 1 and DisabledByDefault = 0.
$keyPath = $keyPathRoot + “\TLS 1.1\Server”;
if (!(Test-Path $keyPath))
{
New-Item -path $keyPathRoot”\TLS 1.1″ -ItemType key -Name “Server” -Force;
}
Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;
Set-ItemProperty -path $keyPath -name “DisabledByDefault” -value 0x0 -Type DWORD -Force;

# TLS 1.2, server side: Enabled = 1 and DisabledByDefault = 0.
$keyPath = $keyPathRoot + “\TLS 1.2\Server”;
if (!(Test-Path $keyPath))
{
New-Item -path $keyPathRoot”\TLS 1.2″ -ItemType key -Name “Server” -Force;
}
Set-ItemProperty -path $keyPath -name “Enabled” -value 0x1 -Type DWORD -Force;
Set-ItemProperty -path $keyPath -name “DisabledByDefault” -value 0x0 -Type DWORD -Force;

# Cipher-suite order. $keypath (lower-case p) is the same variable as $keyPath, because
# PowerShell variable names are case-insensitive, so the Test-Path / Set-ItemProperty
# lines below act on this Policies key.
# The "Functions" value under ...\Configuration\SSL\00010002 is where the
# "SSL Cipher Suite Order" policy setting is stored.
# NOTE(review): this is the Policies hive, so a domain GPO that sets the same value would
# presumably replace it on refresh; verify in the target environment.
$keypath = “HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002”;
if (!(Test-Path $keyPath)) { New-Item $keyPath -Force }
# What the list below contains, in preference order:
#   - ECDHE_RSA with AES-CBC first, then static-RSA AES-CBC suites (no forward secrecy),
#   - then TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5.
# It has no AES-GCM suites. RC4 (prohibited for TLS by RFC 7465) and 3DES (64-bit block
# cipher) are placed last but still offered. If this value is in effect, review it against
# the current baseline rather than treating it as hardened.
# Defender check: after setup, read the effective values back and confirm with a TLS scan
# of the listener which protocols and suites the server actually negotiates.
Set-ItemProperty -path $keyPath -name “Functions” -value “TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5” -Force;
It looks like Microsoft is helping customers secure their servers without mentioning it anywhere.