Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot enable TLS 1.1 or TLS 1.2 for an SMTP session in Exchange Server 2010 on Windows Server 2008 R2


View products that this article applies to.

Symptoms

Consider the following scenario:
  • You install Windows Server 2008 R2.
  • You install Microsoft Exchange Server 2010 on the server that is running Windows Server 2008 R2.
  • You enable Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2008 R2. To do this, you set the DisabledByDefault DWORD value to 0 under the following registry subkeys:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
In this scenario, an Exchange Server 2010 SMTP session does not use TLS 1.1 or TLS 1.2. Instead, the SMTP session uses TLS 1.0.

↑ Back to the top


Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

You cannot configure an Exchange Server 2010 SMTP session to use TLS 1.1 or TLS 1.2.

↑ Back to the top


Keywords: KB2709167, kbprb, kbnofix, kbbug, kbsurveynew

↑ Back to the top

Article Info
Article ID : 2709167
Revision : 1
Created on : 5/4/2012
Published on : 5/4/2012
Exists online : False
Views : 295