Is my understanding of TLS correct?!

  • Is my understanding of TLS correct?!

    Hi all,

    Could someone please confirm if my understanding of TLS is correct? I'm new to this and I need to set it up in the office.

    I have an SSL cert from Verisign installed on our IIS. I have enabled TLS on our SMTP server, which I understand allows for incoming opportunistic TLS; if TLS isn't supported when sending, it comes in as plain text.

    I have created an SMTP connector to another business and checked TLS on this, so now all emails to this business should use TLS, else not send.

    Both of the above make use of the cert installed on IIS to encrypt the emails.

    Thanks,

  • #2
    Re: Is my understanding of TLS correct?!

    Originally posted by rob123
    Hi all,

    Could someone please confirm if my understanding of TLS is correct? I'm new to this and I need to set it up in the office.

    I have an SSL cert from Verisign installed on our IIS. I have enabled TLS on our SMTP server, which I understand allows for incoming opportunistic TLS; if TLS isn't supported when sending, it comes in as plain text.

    I have created an SMTP connector to another business and checked TLS on this, so now all emails to this business should use TLS, else not send.

    Both of the above make use of the cert installed on IIS to encrypt the emails.

    Thanks,
    Exchange 2000/2003 doesn't use opportunistic TLS. You'd need at least Ex2007 for that. Configure your SMTP connector with the domains that are needed for TLS. You do, though, need to ask the remote host if the name is the same as what is on their MX records, otherwise you'll get a certificate mismatch and the connection will fail.
    Do note that TLS doesn't provide end-to-end encryption. For that you'd need a PKI along with digital IDs.

    http://support.microsoft.com/kb/823019
    Last edited by scurlaruntings; 8th December 2011, 12:09.
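
The certificate-mismatch failure described in reply #2, as an added example that is not part of the original thread: it predicts whether a TLS-required connection to a remote mail host would succeed, given the host's EHLO reply and the DNS names on its certificate. The function names, the sample host names and the matching rule (exact name or a single-label wildcard) are assumptions for illustration, not Exchange's own logic; `probe` does the same check live with Python's standard `smtplib`.

```python
import smtplib
import ssl

# Constructed sample data (not from the thread): an EHLO reply and cert DNS names.
SAMPLE_EHLO = ["250-mx1.partner.example Hello", "250-SIZE 10485760", "250-STARTTLS", "250 OK"]
SAMPLE_CERT_NAMES = ["mail.partner.example", "*.corp.partner.example"]

def advertises_starttls(ehlo_lines):
    """True if an EHLO reply (list of '250-...' lines) offers STARTTLS."""
    for line in ehlo_lines:
        # Drop the '250-' / '250 ' reply-code prefix, then compare the keyword.
        keyword = line[4:].strip().split(" ")[0]
        if line.startswith("250") and keyword.upper() == "STARTTLS":
            return True
    return False

def name_matches(host, cert_names):
    """Match host against certificate names; '*' covers one left-most label only."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host or (name.startswith("*.") and name[2:] == parent):
            return True
    return False

def enforced_tls_verdict(connect_host, ehlo_lines, cert_names):
    """Predict the outcome of a TLS-required connection to connect_host."""
    if not advertises_starttls(ehlo_lines):
        return "fail: remote does not offer STARTTLS"
    if not name_matches(connect_host, cert_names):
        return "fail: certificate name mismatch"
    return "ok"

def probe(host, port=25, timeout=10):
    """Live check (needs network): STARTTLS with chain and host name validation."""
    ctx = ssl.create_default_context()
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "fail: remote does not offer STARTTLS"
        smtp.starttls(context=ctx)
        return "ok"
    except ssl.SSLCertVerificationError as exc:
        return f"fail: {exc.verify_message}"
    finally:
        smtp.close()
```

With the constructed data, connecting by the MX name `mx1.partner.example` fails on the name check, while `mail.partner.example` passes.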


    • #3
      Re: Is my understanding of TLS correct?!

      Exchange 2003 TLS is either ON or OFF.
      If On, then email that doesn't use TLS will fail.
      If Off, then no email will use TLS.

      If you want to support outbound TLS, then a separate SMTP Connector will be required.
      If you want to support inbound TLS, then a separate host name and IP address will be required, unless you can get the remote senders to use an alternative port.

      Or deploy Exchange 2007 or higher.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.