Apps on iOS 9 or later and OS X 10.11 or later use App Transport Security. App Transport Security defines minimum security standards that must be met for a network connection to be successful. The default behavior requires:
- TLS version 1.2
- Perfect forward secrecy
- SHA256 or better for certificate signature
- 2048 bit or better RSA key (or 256 bit or better ECC key)
If your Exchange server does not meet the App Transport Security requirements then the connection is dropped by iOS or OS X. This applies to web services. So, it will affect OWA, ActiveSync, and EWS (Outlook for Mac).
We are just starting to see iOS 9 installed by clients and are in the process of ensuring that servers meet the requirements.
NOTE: As of right now (Sept 20/15), iOS 9 does not appear to be enforcing the above requirements for internal applications but does for third party applications. We are continuing to update all Exchange servers to meet these requirements as they are best practices for security and because they could affect OS X 10.11 when released.
TLS 1.2TLS 1.2 has been around since 2008 but is not enabled by default on Windows Server 2008 R2. Windows Server 2012 and later have TLS 1.2 enabled by default. Windows Server 2008 does not include TLS 1.1 or TLS 1.2.
To enable TLS 1.2 on Windows Server 2008 R2, you need to create a registry key and reboot the server:
- Open Regedit.
- Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
- In Protocols, create a new Key named TLS 1.2.
- In TLS 1.2, create a new Key named Server.
- In Server, create a new DWORD (32-bit) Value:
- Name: DisabledByDefault
- Value: 0
- Name: Enabled
- Value: 1
Perfect Forward SecrecyPerfect Forward Secrecy ensures that each connections uses a difference encryption key. Windows Server 2008 R2 support the use Perfect Forward Secrecy, but again, it's not enabled by default. There are a limited number of ciphers that use Perfect Forward Secrecy. It is a matter of enabling these ciphers and also changing the order of preference so that they are preferred.
I've done quite a bit of searching and there is no good guide for manually enabling Perfect Forward Secrecy. However, there are several scripts you can download and even a graphical tool.
My personal favorite is the graphical tool IIS Crypto from Nartac Software because it provides an easy way to see exactly which protocols and ciphers are being modified. Press the Best Practices button to view the optimal security settings and then Apply and reboot the server. This will enable TLS 1.2, disable SSL 2 and SSL 3 and enable Perfect Forward Secrecy in one step.
Script to enable Perfect Forward Secrecy and more:
SHA256SHA is the algorithm used to sign the digital certificates installed on your Exchange server. Many older certificates use SHA1 which is relatively insecure. You can update your certificate by regenerating the certificate. Most provides allow you to regenerate the keys at no cost. During this process you can select to use SHA256 and then import in Exchange Server.
2048 Bit KeySeveral years ago, certification authorities started requiring a minimum key length of 2048 bits. So, it is unlikely that this is an issue for your certificate. However, if you had a certificate with a long lifetime, you can regenerate it with a 2048 bit key to bring it up to requirements.
Testing Your ConfigurationThe simplest way to verify the SSL/TLS configuration on your server is to use the SSL test from Qualys SSL Labs. This web site connects to your server and runs it through a variety of tests before providing a report on the SSL configuration. It's the fastest way to find out whether specific versions of SSL/TLS and ciphers are enabled or disabled.
Windows Server 2012 and Windows Server 2012 R2This blog post has focused on Windows Server 2008 R2 because there is a lot of it out there running Exchange 2010. However, Windows Server 2012 and Windows Server 2012 R2 are used for many implementations of Exchange 2013.
Windows Server 2012 and Windows Server 2012 R2 support TLS 1.2 by default. If you have installed update KB2919355 released in April 2014, then Windows Server 2012 R2 uses Perfect Forward Secrecy. For Windows Server 2012, you need to configure the cipher protocols to enable Perfect Forward Secrecy just as was required in Windows Server 2008 R2. Again, using a script or IIS Crypto is the preferred method of enabling and reordering the necessary ciphers.
Links for reference:
- App Transport Security Technote: https://developer.apple.com/library/prerelease/mac/technotes/App-Transport-Security-Technote/index.html
- TLS versions: https://en.wikipedia.org/wiki/Transport_Layer_Security
- TLS/SSL Settings Reference: https://technet.microsoft.com/en-us/library/dn786418.aspx
- Qualys SSL Labs test: https://www.ssllabs.com/ssltest/index.html
- How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll: https://support.microsoft.com/en-us/kb/245030
- Nartac IIS Crypto download: https://www.nartac.com/Products/IISCrypto/Download
- Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2: https://support.microsoft.com/en-us/kb/2929781