I have a front end load balancer to a backend Exchange 2010 CAS Server running POP. I need to disable SSL 3.0 and TLS 1.0 and only use TLS 1.1 and TLS 1.2 for obvious reasons. I am able to disable SSL 3.0 and can still access pop via Outlook and mobile devices but when I disable TLS 1.0 I get an SSL handshake failure when trying to authenitcate to POP.
What's the solution? Also an official KB article on this subject is requested.
Currently on the front end from external connections to the load balancer I can support TLS 1.0, TLS 1.1 and TLS 1.2 but the load balancer does not give me the ability to enable TLS 1.1 or TLS 1.2 from the load balancer to the Exchange CAS server. In essence I can't have end to end TLS 1.1 or TLS 1.2 with the current version of the load balancer but I'm need TLS 1.1 and TLS 1.2 from client devices to load balancer then TLS 1.0 or SSL 3.0 from the load balancer to the CAS server.
How do I configure pop3 to accept TLS 1.1 or 1.2 on the front end from clients?