Change block size from AES128 to AES256 in Exchange 2007 for forced TLS to an external recipient domain
I am trying to set up a forced TLS connection using AES 256 block size to only one external non-partner domain.
I have verified the SSL certificate is in use by the Exchange 2007 server
I have also entered the command: Set-TransportConfig -TLSSendDomainSecureList receivingdomain.com
The recipient does see the AES128 email when the TLS transport is not configured, but they require AES 256.
After I set the transport config with the command above, the recipient does not receive the email.
In short, how do I switch from AES128 block size to AES256 in Exchange 2007?
Thank you
January 27th, 2011 9:32am
On Thu, 27 Jan 2011 14:26:30 +0000, JShan99 wrote:
>
> I am trying to set up a forced TLS connection using AES 256 block size to only one external non-partner domain. I have verified the SSL certificate is in use by the Exchange 2007 server. I have also entered the command: Set-TransportConfig -TLSSendDomainSecureList receivingdomain.com
> The recipient does see the AES128 email when the TLS transport is not configured, but they require AES 256.
>
> After I set the transport config with the command above, the recipient does not receive the email. In short, how do I switch from AES128 block size to AES256 in Exchange 2007?
Does something like this help?
http://derek858.blogspot.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
---
Rich Matheisen
MCSE+I, Exchange MVP
January 27th, 2011 10:24pm
Thanks for the suggestion but that looks more for the web side of things. I need it for exchange communications.
I ended up calling Microsoft. Here is the solution in case anyone (probably not) needs it.
- Ran gpedit.msc
- Went to Computer Configuration->Administrative Templates->Network->SSL Configuration->SSLCipher
- By default the SSL Cipher Suite Order is set to "Not Configured"
- To enable 256-bit encryption, selected the "Enabled" radio button
- Within the SSL Cipher Suites text box we placed TLS_RSA_WITH_AES_256_CBC_SHA as the first entry
- Rebooted the server
- Now TLS with 256 is enabled on the server
There is still a matter of the receiving side allowing your email through with an access list or authentication method.
January 28th, 2011 8:13am
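The cipher-suite change and the Domain Security setting from the posts above, put together as one script with a check of what the receiving MX actually negotiates. This is an added example, not code from the thread or from Microsoft. It assumes it runs in the Exchange Management Shell on the Exchange 2007 Hub Transport server as an administrator; receivingdomain.com, the MX host name mail.receivingdomain.com and the Send connector name "Internet" are placeholders. One point of terminology: AES always uses a 128-bit block, so what TLS_RSA_WITH_AES_256_CBC_SHA changes is the key length (256 bits), which is the value the remote side is asking for and the value the check below reports as CipherStrength.

```powershell
# Added example, not code from the thread. Run in the Exchange Management Shell on the
# Exchange 2007 Hub Transport server, elevated. The three values below are assumptions.
$ReceivingDomain = 'receivingdomain.com'          # domain from the thread
$MxHost          = 'mail.receivingdomain.com'     # assumed MX host of that domain
$SendConnector   = 'Internet'                     # assumed name of the Send connector routing to it

# ---- 1. Schannel cipher-suite order: the registry value the "SSL Cipher Suite Order" policy writes ----
# The value is a comma-separated REG_SZ. Any suite left out of the list is disabled, so list every
# suite that must stay usable, with the preferred one first.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$CipherOrder = @(
    'TLS_RSA_WITH_AES_256_CBC_SHA',    # the suite the thread puts first
    'TLS_RSA_WITH_AES_128_CBC_SHA',    # keep so other senders and receivers still work
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
)
if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
Set-ItemProperty -Path $PolicyKey -Name Functions -Value ($CipherOrder -join ',') -Type String
Write-Host 'Cipher suite order written; Schannel reads it at boot, so reboot before testing.'

# ---- 2. Domain Security (mutual TLS) for the one domain, added to the existing list ----
$tc = Get-TransportConfig
if ($tc.TLSSendDomainSecureList -notcontains $ReceivingDomain) {
    $tc.TLSSendDomainSecureList += $ReceivingDomain
    Set-TransportConfig -TLSSendDomainSecureList $tc.TLSSendDomainSecureList
}
# Domain Security needs a Send connector that uses DNS routing and honours STARTTLS.
$sc = Get-SendConnector -Identity $SendConnector
if (-not $sc.DNSRoutingEnabled) {
    Write-Warning "Domain Security needs DNS routing on '$SendConnector'; a smart-host connector will not do."
}
Set-SendConnector -Identity $SendConnector -DomainSecureEnabled $true -IgnoreSTARTTLS $false
Get-TransportConfig | Select-Object TLSSendDomainSecureList

# ---- 3. Check which suite the receiving side negotiates on port 25 after STARTTLS ----
function Test-SmtpTlsCipher {
    param([string]$HostName, [int]$Port = 25)
    $tcp    = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $stream = $tcp.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
    try {
        $null = $reader.ReadLine()                                  # 220 banner
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        do { $line = $reader.ReadLine() } while ($line -and $line[3] -eq '-')   # EHLO ends with "250 "
        $writer.WriteLine('STARTTLS')
        $resp = $reader.ReadLine()
        if (-not $resp.StartsWith('220')) { throw "STARTTLS refused by ${HostName}: $resp" }
        # Any certificate is accepted here: the goal is to read the negotiated suite, not to validate.
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, { param($s, $cert, $chain, $errs) $true })
        $ssl.AuthenticateAsClient($HostName)
        $result = New-Object PSObject -Property @{
            Host        = $HostName
            Protocol    = $ssl.SslProtocol
            Cipher      = $ssl.CipherAlgorithm
            KeyBits     = $ssl.CipherStrength        # 256 when an AES-256 suite was chosen
            Hash        = $ssl.HashAlgorithm
            KeyExchange = $ssl.KeyExchangeAlgorithm
        }
        $tlsWriter = New-Object System.IO.StreamWriter($ssl)
        $tlsWriter.WriteLine('QUIT'); $tlsWriter.Flush()
        return $result
    } finally {
        $tcp.Close()
    }
}

Test-SmtpTlsCipher -HostName $MxHost | Format-List
```

Run the test function after the reboot, since the cipher order written in step 1 is only read by Schannel at start-up. Two caveats worth keeping in mind: the policy list is the complete set of suites Schannel will offer, so leaving a suite out disables it for every TLS connection the server makes, not just SMTP; and a domain in TLSSendDomainSecureList is only delivered to over mutual TLS, so if the receiving side does not present a trusted certificate for that domain the messages stay in the queue rather than falling back to opportunistic TLS, which is one cause of the "recipient does not receive the email" symptom in the question.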