I've been told to disable TLS 1.0 and 1.1 on my Exchange 2019 server, which is part of a Database Availability Group (DAG) running the latest cumulative update. My main worry is about our relay setup that allows emails from printers, network devices, and non-Windows servers. This relay accepts anonymous connections, relying on IP address whitelisting for security. Since we're on port 25 for SMTP relay and behind an F5 load balancer in a hybrid Exchange setup, I'm concerned about whether turning off TLS 1.0 and 1.1 will disrupt this relay functionality. I've done quite a bit of searching online but haven't found a clear answer. Appreciate any insights!
5 Answers
I had a similar setup with Exchange 2016 and shut down TLS 1.0 and 1.1 two weeks ago. Everything ran smoothly after the changes!
You might encounter some scan-to-email problems, but the bigger issue isn't with Exchange. It’s more about those older devices still using outdated TLS versions.
This might sound a bit silly, but I suggest making the changes after hours or over the weekend. Once you disable TLS 1.0/1.1, just test your printers. If they work, great! If not, you can easily roll back the change and research further then.
No worries! Disabling TLS 1.0 and 1.1 shouldn't affect your setup. Those protocols should have been turned off ages ago anyway. Just be sure to run Microsoft's Exchange health checker scripts to catch any other issues that might pop up!
Disabling those TLS versions *shouldn't* pose a problem. Some old printers might not work afterward, but honestly, if they can't support TLS 1.2, they need to be replaced due to security risks. Remember, TLS is a peer-to-peer protocol: if the connection breaks, it means the other side only supports the outdated versions.
That report is going to look like a disaster, but at least you'll know what to fix!
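Several of the answers above boil down to "disable it and see which printers stop working". A less disruptive pre-check is to read the SMTP Receive protocol logs first and see which relay clients actually negotiated TLS 1.0/1.1, which never use STARTTLS at all (those are untouched by the change), and which already speak TLS 1.2. The script below is an added example written for this page, not something posted in the thread; the column order is the documented Exchange protocol-log layout, but the exact wording of the TLS context line (`TLS protocol SP_PROT-TLS1_2-SERVER ...`) is an assumption you should confirm against your own logs, and the log lines embedded in it are constructed sample data.

```python
"""Pre-flight check: which anonymous-relay clients negotiated TLS 1.0/1.1?

Parses Exchange SMTP Receive protocol logs (CSV, written when the receive
connector's ProtocolLoggingLevel is Verbose) and buckets remote IPs by the
TLS versions they negotiated. Devices whose every TLS session used 1.0/1.1
are the ones that will break when those protocols are disabled; devices that
never issued STARTTLS are not affected by the change at all.
"""
import csv
import io
import re
from collections import defaultdict

# ASSUMED wording of the TLS negotiation context line, e.g.
# "TLS protocol SP_PROT-TLS1_2-SERVER cipher CALG_AES_256 ...".
# Adjust the pattern if your logs spell it differently.
TLS_RE = re.compile(r"SP_PROT-TLS(\d)_(\d)-SERVER")
LEGACY = {"1.0", "1.1"}

# Constructed sample log (not real data). Field order follows the documented
# protocol-log layout: date-time,connector-id,session-id,sequence-number,
# local-endpoint,remote-endpoint,event,data,context
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2024-05-01T01:00:00.000Z,EX01\\Anonymous Relay,S1,0,10.0.0.5:25,10.0.1.50:49152,+,,
2024-05-01T01:00:00.100Z,EX01\\Anonymous Relay,S1,1,10.0.0.5:25,10.0.1.50:49152,<,STARTTLS,
2024-05-01T01:00:00.200Z,EX01\\Anonymous Relay,S1,2,10.0.0.5:25,10.0.1.50:49152,*,,TLS protocol SP_PROT-TLS1_0-SERVER cipher CALG_AES_128 hash CALG_SHA1 exchange CALG_RSA_KEYX
2024-05-01T01:05:00.000Z,EX01\\Anonymous Relay,S2,0,10.0.0.5:25,10.0.1.60:51000,+,,
2024-05-01T01:05:00.100Z,EX01\\Anonymous Relay,S2,1,10.0.0.5:25,10.0.1.60:51000,<,STARTTLS,
2024-05-01T01:05:00.200Z,EX01\\Anonymous Relay,S2,2,10.0.0.5:25,10.0.1.60:51000,*,,TLS protocol SP_PROT-TLS1_2-SERVER cipher CALG_AES_256 hash CALG_SHA_384 exchange CALG_ECDH_EPHEM
2024-05-01T01:10:00.000Z,EX01\\Anonymous Relay,S3,0,10.0.0.5:25,10.0.1.70:40000,+,,
2024-05-01T01:10:00.100Z,EX01\\Anonymous Relay,S3,1,10.0.0.5:25,10.0.1.70:40000,<,MAIL FROM:<printer@example.com>,
2024-05-01T01:15:00.000Z,EX01\\Anonymous Relay,S4,0,10.0.0.5:25,10.0.1.80:42000,+,,
2024-05-01T01:15:00.200Z,EX01\\Anonymous Relay,S4,1,10.0.0.5:25,10.0.1.80:42000,*,,TLS protocol SP_PROT-TLS1_1-SERVER cipher CALG_AES_128 hash CALG_SHA1 exchange CALG_RSA_KEYX
2024-05-01T02:15:00.000Z,EX01\\Anonymous Relay,S5,0,10.0.0.5:25,10.0.1.80:42100,+,,
2024-05-01T02:15:00.200Z,EX01\\Anonymous Relay,S5,1,10.0.0.5:25,10.0.1.80:42100,*,,TLS protocol SP_PROT-TLS1_2-SERVER cipher CALG_AES_256 hash CALG_SHA_384 exchange CALG_ECDH_EPHEM
"""


def parse_sessions(log_text):
    """Map session-id -> {'ip': remote IP, 'tls': set of negotiated versions}."""
    sessions = {}
    lines = (ln for ln in io.StringIO(log_text) if ln.strip() and not ln.startswith("#"))
    for row in csv.reader(lines):
        if len(row) < 9:
            continue  # truncated or malformed line; skip rather than guess
        session_id, remote, data, context = row[2], row[5], row[7], row[8]
        ip = remote.rsplit(":", 1)[0]  # drop the ephemeral source port
        s = sessions.setdefault(session_id, {"ip": ip, "tls": set()})
        m = TLS_RE.search(data + " " + context)
        if m:
            s["tls"].add(f"{m.group(1)}.{m.group(2)}")
    return sessions


def classify_clients(log_text):
    """Bucket remote IPs by what disabling TLS 1.0/1.1 would do to them.

    will_break: every TLS session from this IP used 1.0 or 1.1 only
    ok:         the IP negotiated 1.2 (or newer) at least once
    plaintext:  the IP never issued STARTTLS, so the change does not touch it
    """
    versions = defaultdict(set)
    plaintext = set()
    for s in parse_sessions(log_text).values():
        if s["tls"]:
            versions[s["ip"]] |= s["tls"]
        else:
            plaintext.add(s["ip"])
    plaintext -= set(versions)  # an IP seen both ways is judged by its TLS use
    return {
        "will_break": sorted(ip for ip, v in versions.items() if v <= LEGACY),
        "ok": sorted(ip for ip, v in versions.items() if not v <= LEGACY),
        "plaintext": sorted(plaintext),
    }


if __name__ == "__main__":
    report = classify_clients(SAMPLE_LOG)
    for bucket in ("will_break", "ok", "plaintext"):
        print(f"{bucket:>10}: {', '.join(report[bucket]) or '-'}")
```

Point it at the real files (by default they live under the Exchange install path in `TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive`, and logging must be set to Verbose on the relay connector with `Set-ReceiveConnector -ProtocolLoggingLevel Verbose`) a week or two before the change so every nightly scan-to-email job shows up. One caveat that matters for the setup in the question: if the F5 SNATs the relay traffic, `remote-endpoint` will be the load balancer's address for every session and the buckets collapse to one IP; in that case the per-device picture has to come from the F5's own connection logs instead.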