Forum Discussion

SAMFS's avatar
SAMFS
Copper Contributor
Apr 24, 2024

How to configure cipher suites for STARTTLS?

I configured the available cipher suites for an Exchange 2013 server as described here in the best practice document  by putting them into the appropriate registry key:

HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

But when looking at a packet capture of an outgoing SMTP session of that server which used STARTTLS, I observed that it was offering a completely different set of ciphers. Is that registry key not being used for STARTTLS by Exchange Server and if so, where do the ciphers for that have to be configured instead?

Resources