SOLVED

Windows Server 2016 - SMTP Server with TLS 1.2

%3CLINGO-SUB%20id%3D%22lingo-sub-783875%22%20slang%3D%22en-US%22%3EWindows%20Server%202016%20-%20SMTP%20Server%20with%20TLS%201.2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-783875%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20are%20using%20a%20Windows%20Server%202016%20as%20an%20internal%20SMTP%20relay%20server%20to%20forward%20messages%20from%20local%20servers%20and%20software%20to%20our%20Office365%20Exchange%20environment.%20Since%20Microsoft%20has%20announced%20that%20TLS%201.2%20will%20come%20in%20the%20next%20months%2C%20we%20are%20looking%20for%20a%20setting%20in%20the%20Windows%20based%20SMTP%20Server%20(local%20IIS)%20for%20TLS%201.2.%20Does%20anybody%20know%20how%20to%20setup%20the%20windows%20SMTP%20server%20to%20use%20the%20new%20TLS%20standard%3F%3C%2FP%3E%3CP%3EThanks%20for%20your%20answers%2C%20Regards%2C%20Chris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-783875%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESMTP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-784676%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%202016%20-%20SMTP%20Server%20with%20TLS%201.2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-784676%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F385728%22%20target%3D%22_blank%22%3E%40Chris2364%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20understanding%20is%20that%20for%20Server%202016%2C%20TLS%201.2%20is%20enabled%20by%20default%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fwin32%2Fsecauthn%2Fprotocols-in-tls-ssl--schannel-ssp-%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fwin32%2Fsecauthn%2Fprotocols-in-tls-ssl--schannel-ssp-%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20613px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F125330i354B9293DADA6991%2Fimage-dimensions%2F613x345%3Fv%3D1.0%22%20width%3D%22613%22%20height%3D%22345%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20used%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.nartac.com%2FProducts%2FIISCrypto%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.nartac.com%2FProducts%2FIISCrypto%3C%2FA%3E%26nbsp%3Bin%20the%20past%20to%20confirm%2Fchange%20settings.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%2C%3C%2FP%3E%3CP%3EMark%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1566019%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%202016%20-%20SMTP%20Server%20with%20TLS%201.2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1566019%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383653%22%20target%3D%22_blank%22%3E%40HidMov%3C%2FA%3E%26nbsp%3BHi%20-%20Isn't%20the%20original%20question%20how%20to%20configure%20the%20Microsoft%20IIS%20SMTP%20for%20TLS%201.2%2C%20rather%20than%20how%20to%20allow%20it%20on%20the%20server%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EEric%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1566168%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%202016%20-%20SMTP%20Server%20with%20TLS%201.2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1566168%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F280018%22%20target%3D%22_blank%22%3E%40Eric1972%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20this%20instance%2C%20my%20understanding%20that%20it%20is%20one%20and%20the%20same%20-%20TLS1.2%20is%20enabled%20and%20configured%20by%20default%20on%20Server%202016%2C%20so%20no%20further%20configuration%20is%20unnecessary.%20This%20has%20been%20my%20experience%20and%20hopefully%20the%20smtp%20relay%20worked%20in%20TLS1.2%20for%20OP%2C%20but%20happy%20to%20be%20corrected%20if%20I'm%20mistaken.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Visitor

Hello,

We are using a Windows Server 2016 as an internal SMTP relay server to forward messages from local servers and software to our Office365 Exchange environment. Since Microsoft has announced that TLS 1.2 will come in the next months, we are looking for a setting in the Windows based SMTP Server (local IIS) for TLS 1.2. Does anybody know how to setup the windows SMTP server to use the new TLS standard?

Thanks for your answers, Regards, Chris

3 Replies
Highlighted
Best Response confirmed by Chris2364 (Visitor)
Solution

Hi @Chris2364 

 

My understanding is that for Server 2016, TLS 1.2 is enabled by default

 

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

 

clipboard_image_0.png

 

I've used https://www.nartac.com/Products/IISCrypto in the past to confirm/change settings.

 

Hope this helps,

Mark

Highlighted

@HidMov Hi - Isn't the original question how to configure the Microsoft IIS SMTP for TLS 1.2, rather than how to allow it on the server?

 

Thanks,

Eric

Highlighted

Hi @Eric1972 

 

In this instance, my understanding that it is one and the same - TLS1.2 is enabled and configured by default on Server 2016, so no further configuration is unnecessary. This has been my experience and hopefully the smtp relay worked in TLS1.2 for OP, but happy to be corrected if I'm mistaken.