Forced TLS 1.2


If we set up forced TLS on 365, does that stop us from sending and receiving mails from companies using Exchange 2007 on-premise which only supports TLS 1.0?

1 Reply
Hey Jorgen,

My understanding is that you will be fine. Forced TLS essentially goes through a series of TLS prompts/queries until one can be found that both Office 365 and the accepting/sending server can agree on during the handshaking process.

TLS 1.0 can be used to send messages, and we often put on forced TLS during our 2007 days. So to me that still qualifies as a TLS protocol for the handoff, and it should be fine.

With that said I no longer have a 2007 server, or a lab to test this in. I would encourage you to test this out, or do the deployment in off hours so you can test first, but unlike your own internal server communication, which might require TLS newer than 1.0, for just the handshake and handoff of the message, I would assume as long as it's TLS you are fine.

If someone knows more definitively I would love for them to chime in, but having done TLS through 2007 many times in the past, I don't see why this wouldn't work. (https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2007/ee428172(v=exchg.80))

Adam
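
One way to act on the advice to test first, as an added example that is not part of the thread: before enforcing a minimum TLS version, scan the Received headers of recent inbound mail for the TLS version each sending host actually negotiated. It assumes the receiving Microsoft SMTP server records `version=TLS1_x` in its Received header; the hostnames, addresses and messages below are constructed samples.

```python
import re
from email import message_from_string

# Assumption: the receiving Microsoft SMTP server records the negotiated
# protocol in its Received header as "(version=TLS1_0, cipher=...)".
TLS_RE = re.compile(r"version=TLS(\d)_(\d)", re.I)
FROM_RE = re.compile(r"from\s+(\S+)", re.I)

def tls_hops(raw_message):
    """Yield (sending_host, (major, minor)) per Received header.
    A hop with no recorded TLS version is reported as (0, 0)."""
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # unfold continuation lines
        host = FROM_RE.match(flat)
        ver = TLS_RE.search(flat)
        yield (host.group(1).lower() if host else "unknown",
               (int(ver.group(1)), int(ver.group(2))) if ver else (0, 0))

def senders_below(messages, minimum=(1, 2)):
    """Return {sending_host: lowest version seen} for hosts below `minimum`."""
    lowest = {}
    for raw in messages:
        for host, ver in tls_hops(raw):
            lowest[host] = min(ver, lowest.get(host, ver))
    return {h: v for h, v in lowest.items() if v < minimum}

# Constructed sample messages (hostnames and addresses are placeholders).
def _msg(received):
    return "Received: " + received + "\nSubject: sample\n\nbody\n"

SAMPLE_MESSAGES = [
    _msg("from mail.legacy-partner.example (203.0.113.10) by\n"
         " mx.recipient.example with Microsoft SMTP Server\n"
         " (version=TLS1_0, cipher=TLS_RSA_WITH_AES_128_CBC_SHA);\n"
         " Mon, 6 Aug 2018 09:00:00 +0000"),
    _msg("from mail.modern-partner.example (198.51.100.20) by\n"
         " mx.recipient.example with Microsoft SMTP Server\n"
         " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);\n"
         " Mon, 6 Aug 2018 09:05:00 +0000"),
    _msg("from relay.plain.example (192.0.2.7) by mx.recipient.example\n"
         " with SMTP; Mon, 6 Aug 2018 09:10:00 +0000"),
]

if __name__ == "__main__":
    for host, ver in sorted(senders_below(SAMPLE_MESSAGES).items()):
        print(host, "TLS %d.%d" % ver if ver != (0, 0) else "no TLS recorded")
```

Only the hop written by your own edge server reflects the partner's connection; hops recorded further upstream describe other servers' sessions.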