PCI Compliance Issue

I'm trying to make our Exchange 2013 server PCI compliant. To do this, I've turned off SSL2 and 3, PCT1, and TLS 1.0.

When I turn off TLS 1.0, none of our Outlook clients can connect. Is there a change I need to make somewhere so they use TLS 1.1 or above?

N00b here, so I may have the terminology wrong.

Thanks.

May 1st, 2015 3:00pm

Hi,

What's your Windows Server version? Windows Server 2008 R2 and Windows 7 support the following protocols: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2

We can disable and enable these protocols by using registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols]

Please locate the path for these keys and check whether TLS 1.1 is listed there. If there is, please enable it with a value of 1. If there is no key for TLS 1.1 and TLS 1.2, please do the following to enable it on a Windows Server 2008 R2 server:

1. Add the following keys:

TLS 1.1 and TLS 1.2

2. Within each of the TLS 1.1 and TLS 1.2 keys (they look like folders), add these keys: Client and Server.

3. On the client computer, add the DisabledByDefault DWORD value and set it to 00000000.

4. On the server computer, add the Enabled DWORD value and set it to 0xffffffff.

5. Restart the computer.

Regards,

May 4th, 2015 5:54am
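
The registry steps in the reply above, as an added PowerShell example (not part of the original thread or the poster's own code): one function reports the current Schannel state for TLS 1.1 and TLS 1.2, the other applies steps 1 to 4. The function names are hypothetical, PowerShell 3.0 or later in an elevated session is assumed, and steps 3 and 4 are read here as applying to the Client and Server subkeys on the machine where the script runs.

```powershell
# Added example: scripts steps 1-4 of the reply and reports the result.
# Assumes PowerShell 3.0+ in an elevated session; function names are hypothetical.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path (Join-Path $Base $p) $role
            $exists = Test-Path -Path $key
            $v = if ($exists) { Get-ItemProperty -Path $key } else { $null }
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                KeyExists         = $exists
                Enabled           = $v.Enabled            # empty = value not set
                DisabledByDefault = $v.DisabledByDefault  # empty = value not set
            }
        }
    }
}

function Enable-SchannelProtocol {
    param([string[]]$Protocol = @('TLS 1.1', 'TLS 1.2'))
    $dword = [Microsoft.Win32.RegistryValueKind]::DWord
    foreach ($p in $Protocol) {
        # Steps 1 and 2: create the protocol key with its Client and Server subkeys.
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path (Join-Path $Base $p) $role
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        }
        # Step 3 (read here as the Client subkey): DisabledByDefault = 0.
        New-ItemProperty -Path (Join-Path $Base "$p\Client") -Name 'DisabledByDefault' `
            -PropertyType DWord -Value 0 -Force | Out-Null
        # Step 4 (read here as the Server subkey): Enabled = 0xffffffff.
        # -1 as a signed 32-bit integer is stored as the DWORD 0xffffffff.
        $native = 'HKEY_LOCAL_MACHINE\' + $Base.Substring(6) + "\$p\Server"
        [Microsoft.Win32.Registry]::SetValue($native, 'Enabled', -1, $dword)
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize   # audit only, changes nothing
# Enable-SchannelProtocol                            # apply steps 1-4, then restart (step 5)
```

Running the audit before and after the change, and again after the restart, shows whether the keys exist and which values Schannel will read.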

This topic is archived. No further replies will be accepted.
