Exchange publishing using TLS 1.2

eg1995 1,131 Reputation points
2020-11-09T13:40:49.787+00:00

Dears,

I have Exchange 2016 servers published on a Cisco firewall.
TLS 1.2 was enabled on the firewall and then all email traffic stopped working.
How can I check TLS from the server side, and how can we make it use TLS 1.2 and disable the old one?
Thanks,


2 answers

  1. Andy David - MVP 142.3K Reputation points MVP
    2020-11-09T14:40:52.253+00:00

    Unless you messed with something, you are already using TLS 1.2 for SMTP traffic with Exchange 2016.
    You can verify this very easily in the message headers or SMTP protocol logs.

    https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761


    For other clients, follow the steps in those docs starting here:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

    NO need to change anything on the firewall in that regard.


  2. Yuki Sun-MSFT 40,871 Reputation points
    2020-11-10T05:32:44.04+00:00

    Hi @eg1995 ,

    how can i check TLS from server side and how can we make it use TLS 1.2 and disable the old one.

    To validate whether TLS 1.2 is in use, I agree with Andy that you can check the message header or SMTP logging. To analyze the message header, it's suggested to use the Message Header Analyzer at https://testconnectivity.microsoft.com. As for protocol logging, you can enable protocol logging on specific connectors and check whether the following string exists:

    When the server is the SMTP receiving system:

    • TLS protocol SP_PROT_TLS1_2_SERVER

    When the server is the SMTP sending system:

    • TLS protocol SP_PROT_TLS1_2_CLIENT

    Regarding disabling the old one, please make sure you have completed the steps outlined in the two blogs shared above by Andy (Part 1: Getting Ready for TLS 1.2 and Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It); then you can proceed to turn off TLS 1.0/1.1 by referring to Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1.


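The protocol-log check described in the answers above, as an added example (not code from the thread or from Microsoft): it groups an SMTP protocol log by session and lists the sessions that did not negotiate TLS 1.2, including sessions with no TLS line at all. The log layout (CSV with a `#Fields:` header), the sample lines, the `SP_PROT_TLS1_0_SERVER` value and the function names are assumptions constructed for illustration.

```python
import csv
import re

# Constructed sample lines in the SMTP protocol log layout (assumed: CSV with "#Fields:").
SAMPLE_LOG = r'''
#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-11-09T13:00:01Z,EX01\Default Frontend EX01,S1,0,10.0.0.5:25,192.0.2.10:40112,+,,
2020-11-09T13:00:01Z,EX01\Default Frontend EX01,S1,5,10.0.0.5:25,192.0.2.10:40112,*,,TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded
2020-11-09T13:00:07Z,EX01\Default Frontend EX01,S2,5,10.0.0.5:25,198.51.100.7:51820,*,,TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded
2020-11-09T13:00:09Z,EX01\Default Frontend EX01,S3,3,10.0.0.5:25,203.0.113.9:33010,<,MAIL FROM:<a@example.org>,
2020-11-09T13:00:12Z,Outbound to Internet,S4,6,10.0.0.5:49201,192.0.2.25:25,*,,TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded
'''

# Captures e.g. "SP_PROT_TLS1_2" and the role the Exchange server played.
TLS_RE = re.compile(r"TLS protocol (SP_PROT_\w+?)_(SERVER|CLIENT)\b")


def tls_by_session(log_text):
    """Return {(connector-id, session-id): {"remote", "protocol", "role"}}."""
    fields, sessions = None, {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        key = (row["connector-id"], row["session-id"])
        # A session with no TLS line at all stays "NONE" (plaintext SMTP).
        info = sessions.setdefault(
            key, {"remote": row["remote-endpoint"], "protocol": "NONE", "role": None})
        match = TLS_RE.search(line)
        if match:
            info["protocol"], info["role"] = match.groups()
    return sessions


def not_tls12(sessions):
    """List (connector, remote endpoint, protocol) for sessions without TLS 1.2."""
    return sorted((conn, info["remote"], info["protocol"])
                  for (conn, _sid), info in sessions.items()
                  if info["protocol"] != "SP_PROT_TLS1_2")


if __name__ == "__main__":
    for connector, remote, protocol in not_tls12(tls_by_session(SAMPLE_LOG)):
        print(f"{connector}  {remote}  {protocol}")
```

Only sessions on connectors with protocol logging enabled appear in the log, so the list covers just those connectors.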