Hi
I have Exchange 2010 and I want to disable SSL v2. I already disabled SSLv3 and I want to force Exchange to use TLS instead.
please need
Hi Yasser,
The easiest way to do that is by disabling the protocol in the operating system.
In that case you do not need to worry about any other application.
Please find a script on the TechNet Gallery, like https://gallery.technet.microsoft.com/Configuring-the-settings-a1c79f2d ; in my personal opinion that is the easiest way to do the job. The PS1 just adjusts the corresponding registry keys, so code is the same as documentation :)
After downloading, you can simply run a shell command like
set-schannelProtocol -Type Client -Protocol SSL2 -Disable
set-schannelProtocol -Type Client -Protocol SSL3 -Disable
to do the job - please find additions in the documentation.
In addition, please go to www.ssltest.com to check your ciphers. You can manage them by changing the registry like https://support.microsoft.com/en-us/kb/245030?wa=wsignin1.0
Regards,
Martin
Hi
Shall I download the script and double-click on it?
Then run the below:
Set-SchannelProtocol -Type Server -Protocol SSL3 -Disable
Set-SchannelProtocol -Type Client -Protocol SSL3 -Disable
Set-SchannelProtocol -Type Server -Protocol TLS1
Set-SchannelProtocol -Type Client -Protocol TLS1
Set-SchannelProtocol -Type Server -Protocol TLS11
Set-SchannelProtocol -Type Client -Protocol TLS11
Set-SchannelProtocol -Type Server -Protocol TLS12
Set-SchannelProtocol -Type Client -Protocol TLS12
Please confirm how I can use this script.
Hi Yasser,
Yes. Just create C:\temp and download the script to that folder.
After that, run PowerShell and go to the temp folder (cd c:\temp).
Now you can run the Set-SchannelProtocol as mentioned in your post.
In case your system has a restriction on your execution policy, please run get-executionpolicy first. Remember the value / text shown.
Then run "set-executionpolicy unrestricted".
After that you should be able to run the set-schannelprotocol as mentioned before.
Please remember to run set-executionpolicy restricted at the end of your session.
Regards,
Martin
Hi,
We can disable support for the SSL 2.0 protocol on Windows by following these steps:
1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
Note: If the complete registry key path does not exist, you can create it by expanding the available keys and using the New -> Key option from the Edit menu.
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.
Note: If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to "0".
7. Click OK. Restart the computer.
For more information about this, please refer to:
https://support.microsoft.com/en-us/kb/187498
Regards,
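The registry steps in the reply above can also be scripted and then verified; the following is an added example, not part of the original thread and not the TechNet Gallery script. The function names are hypothetical, and the Role parameter goes beyond the steps by also allowing the Client subkey.

```powershell
# Added example: run in an elevated PowerShell session on the Exchange server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Disable-SchannelProtocolKey {      # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Protocol,   # key name, e.g. 'SSL 2.0'
        [ValidateSet('Server', 'Client')][string]$Role = 'Server'
    )
    $key = Join-Path (Join-Path $base $Protocol) $Role
    # Step 2 note: create the key path only if it does not exist yet,
    # so values already stored under an existing key are left alone.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Steps 3-6: DWORD value "Enabled" = 0 (created, or overwritten if present).
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
}

function Get-SchannelProtocolState {        # hypothetical helper name
    # List every protocol/role key that exists, with its Enabled value,
    # so the setting can be checked before and after the restart.
    foreach ($proto in Get-ChildItem $base -ErrorAction SilentlyContinue) {
        foreach ($role in Get-ChildItem $proto.PSPath) {
            $props = Get-ItemProperty -Path $role.PSPath -ErrorAction SilentlyContinue
            $state = 'not set (OS default applies)'
            if ($props -and ($null -ne $props.Enabled)) { $state = $props.Enabled }
            New-Object PSObject -Property @{
                Protocol = $proto.PSChildName
                Role     = $role.PSChildName
                Enabled  = $state
            }
        }
    }
}

# Same change as the manual steps: SSL 2.0, Server side.
Disable-SchannelProtocolKey -Protocol 'SSL 2.0' -Role Server

# Verify what is now configured. Step 7 still applies: restart the computer.
Get-SchannelProtocolState | Sort-Object Protocol, Role |
    Format-Table Protocol, Role, Enabled -AutoSize
```

A protocol or role that does not appear in the output has no key at all, which means the operating system default for that protocol is in effect.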
Hi,
Any updates?
Regards,