Change block size from AES128 to AES256 in Exchange 2007 for forced TLS to an external recipient domain
I am trying to set up a forced TLS connection using AES 256 block size to only one external non-partner domain. I have verified the SSL certificate is in use by the Exchange 2007 server. I have also entered the command:

Set-TransportConfig -TLSSendDomainSecureList receivingdomain.com

The recipient does see the AES128 email when the TLS transport is not configured, but they require AES 256. After I set the transport config with the command above, the recipient does not receive the email. In short, how do I switch from AES128 block size to AES256 in Exchange 2007? Thank you
January 27th, 2011 9:32am

On Thu, 27 Jan 2011 14:26:30 +0000, JShan99 wrote:
>I am trying to set up a forced TLS connection using AES 256 block size to only one external non-partner domain. I have verified the SSL certificate is in use by the Exchange 2007 server. I have also entered the command: Set-TransportConfig -TLSSendDomainSecureList receivingdomain.com The recipient does see the AES128 email when the TLS transport is not configured, but they require AES 256.
>
>After I set the transport config with the command above, the recipient does not receive the email. In short, how do I switch from AES128 block size to AES256 in Exchange 2007?

Does something like this help?
http://derek858.blogspot.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html

---
Rich Matheisen MCSE+I, Exchange MVP
January 27th, 2011 10:24pm

Thanks for the suggestion, but that looks more for the web side of things. I need it for Exchange communications. I ended up calling Microsoft. Here is the solution in case anyone (probably not) needs it.

- Ran gpedit.msc
- Went to Computer Configuration->Administrative Templates->Network->SSL Configuration->SSLCipher
- By default the SSL Cipher Suite Order is set to "Not Configured"
- To enable 256-bit encryption, selected the "enabled" radio button
- Within the SSL Cipher Suites text box we placed TLS_RSA_WITH_AES_256_CBC_SHA as the first entry.
- Rebooted the server
- Now TLS with 256 is enabled on the server

There is still a matter of the receiving side allowing your email through with an access list or authentication method.
January 28th, 2011 8:13am
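
One way to check the result of the Group Policy steps in the post above, as an added example that is not part of the original thread: it reads the stored SSL Cipher Suite Order and reports whether TLS_RSA_WITH_AES_256_CBC_SHA is listed ahead of every AES-128 suite. The registry key is where Windows stores this policy setting; the function names and the sample string are constructed for illustration.

```powershell
# Added example: verify the "SSL Cipher Suite Order" policy value.
# Policy location in the registry; the value "Functions" holds the ordered list.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function ConvertTo-SuiteList {
    # Hypothetical helper: the policy stores one comma-separated string;
    # a string array is accepted as well. Blank entries are dropped.
    param($Value)
    @($Value) | ForEach-Object { $_.ToString().Split(',') } |
        ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }
}

function Get-PolicyCipherSuiteOrder {
    # Returns the configured suites in order, or nothing when the policy
    # is "Not Configured" (key or value absent).
    param([string]$Key = $PolicyKey)
    if (-not (Test-Path $Key)) { return @() }
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.Functions) { return @() }
    ConvertTo-SuiteList $item.Functions
}

function Test-Aes256Preferred {
    # True only if the wanted suite is present and no AES-128 suite precedes it.
    param([string[]]$Suites,
          [string]$Wanted = 'TLS_RSA_WITH_AES_256_CBC_SHA')
    if (-not $Suites) { return $false }
    $wantedIndex = [array]::IndexOf($Suites, $Wanted)
    if ($wantedIndex -lt 0) { return $false }
    for ($i = 0; $i -lt $wantedIndex; $i++) {
        if ($Suites[$i] -match '_AES_128_') { return $false }
    }
    return $true
}

# Constructed sample in the format the policy text box takes (AES-128 listed first).
$sample = 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA'
'Sample order passes check: ' + (Test-Aes256Preferred (ConvertTo-SuiteList $sample))

# Live check against this server's policy setting.
$configured = @(Get-PolicyCipherSuiteOrder)
if ($configured.Count -eq 0) {
    'Policy is Not Configured: the operating system default order is in use.'
} else {
    'Configured order: ' + [string]::Join(', ', $configured)
    'AES-256 listed before any AES-128 suite: ' + (Test-Aes256Preferred $configured)
}
```

The check reflects the stored policy value only; as the post notes, the server was rebooted before the new order was in use.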

This topic is archived. No further replies will be accepted.
