Barracuda disabling TLS1.0, 1.1 and SSLv2/SSLv3

Rob H 21 Reputation points
2020-12-04T12:15:50.43+00:00

Hi,

The below article explains that Barracuda Cloud are going to disabling support for TLS 1.0 and 1.1 and SSLv2/v3.

https://campus.barracuda.com/product/essentials/doc/91981918/tls-with-insecure-ciphers-and-sslv2-sslv3-no-longer-supported/

I am wanting to ask an Exchange expert if this would actually affect our customers email flow. Our MX records are set to Barracuda which is then forwarded onto our Exchange Server and also our send connectors are set to send out through Barracuda also.

We have customers on Exchange 2010 to Exchange 2016.

Thankyou

Rob

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,373 questions
0 comments
Accepted answer
  1. Andy David - MVP 142.3K Reputation points MVP
    2020-12-04T12:46:41.927+00:00

    Supported means Exch 2013 and above. ( 2013 is in extended support till 2023) They will all use TLS 1.2 , but of course its important to be at the latest CU for any version as there are many fixes in those CUs.
    If you wanted to ensure you are using TLS 1.2 then there are minimum CU versions required listed here and how to enable TLS 1.2 if required
    https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

    Alot of that also depends on the Windows Version.

    As every customer is different and potentially has made undocumented changes or perhaps messed with configurations otherwise, I would read through all the information in the link above ( All three blog posts) and then use that to verify that TLS 1.2 is being used with logging before disabling it on the Barracuda for each customer.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 142.3K Reputation points MVP
    2020-12-04T12:21:18.897+00:00

    All currently supported versions of Exchange will use TLS 1.2 by default.
    You can verify this in the message headers of any email you get from the internet or using the SMTP protocol logs:

    https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019

    Exchange 2010 is a little different. Follow this blog to enable TLS 1.2 if required.
    You can check the SMTP protocol logs on the 2010 servers first however to see if its already being used.

    https://jaapwesselius.com/2018/10/05/exchange-2010-and-tls-1-2/#:~:text=Exchange%202010%20can%20use%20TLS,upcoming%20changes%20in%20Office%20365.

    If you want to disable the older SSL versions on Exchange, follow this:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

    0 comments
  2. Rob H 21 Reputation points
    2020-12-04T12:30:25.713+00:00

    Thanks Andy,

    You said all current supported versions will use TLS 1.2 by default.

    Is that even without the latest Exchange updates? As I believe some of our customers arent on the latest service pack

    Also, on the SSLv2/v3 side. Would that effect anything?

    I just want to be 100% sure with Barracuda disabling TLS1.0 and 1.1 and SSLv2 and v3 it wont affect our customers mail flow.

    Thanks

    0 comments