microsoft.public.exchange.development
[Top] [All Lists]
<prev [Date] next>
<prev [Thread] next>

Attn Exchange Group, Please fix SSL/TLS in future Exchange 2003/2007

from [Edward Ray]
Subject: Attn Exchange Group, Please fix SSL/TLS in future Exchange 2003/2007
From: "Edward Ray"
Date: Tue, 24 Oct 2006 19:21:29 -0700
Newsgroups: microsoft.public.exchange.development
I just went through the experience of configuring Exchange 2003 to communicate with my Postfix Mail Gateway using TLS/SSL. The Exchange implementation of DES-CBC3-SHA1 (3DES-SHA1) is broken. Since the "Use FIPS compliant" Security features automatically enables 3DES, I was unable to communicate with my Mail Gateway Securely. I had to disable FIPS, then configure Postfix to use the medium grade "RC4-MD5" until Microsoft fixes the problem. 

BTW, AES has replaced 3DES as the FIPS compliant encryption algorithm.
My other non-Microsoft mail servers have no issues with high grade encryption communications. 

--
Edward Ray
CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Attn Exchange Group, Please fix SSL/TLS in future Exchange 2003/2007, Edward Ray <=
Previous by Date:  Re: Public Folders & Permissions, Dmitry Streblechenko
Next by Date:  PR_NT_SECURITY_DESCRIPTOR and AccessCheck, Vilma
Previous by Thread:  Re: Public Folders & Permissions, Dmitry Streblechenko
Next by Thread:  PR_NT_SECURITY_DESCRIPTOR and AccessCheck, Vilma
Indexes:  [Date] [Thread] [Top] [All Lists]
Privacy Policy