VeronicaN-2059 asked KyleXu-MSFT commented

SSL RC4 Cipher Suites Supported (Bar Mitzvah)

We are having this vulnerability on a Windows 2012 server that has Exchange 2016 installed. It is a hybrid server. Is it safe to disable RC4 on Exchange servers? I have not been able to get clear info regarding the process to disable it for Exchange servers. Please help.

office-exchange-hybrid-itpro

@VeronicaN-2059

I am writing here to check whether there is any update on this thread.
If the suggestion below helps, please feel free to mark it as an answer to help more people.

AndyDavid answered

Enable TLS 1.2 and those ciphers won't be used:
https://docs.digicert.com/certificate-tools/discovery-user-guide/tlsssl-endpoint-vulnerabilities/rc4-cipher-enabled/


You can follow this guidance for Exchange to do that:

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ba-p/607649

It's three parts, so go through each section carefully and test.




KyleXu-MSFT answered

@VeronicaN-2059

Here is also a blog which suggests disabling RC4 ciphers:
106011-qa-kyle-09-22-58.png
106012-qa-kyle-09-23-14.png


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
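
Added example, not part of any answer in this thread and not taken from the linked guidance: a read-only PowerShell audit of the RC4 cipher and TLS 1.2 settings discussed above, to record the server's state before and after any change. It assumes the standard SChannel registry layout documented by Microsoft (the key names do not appear in this thread); the function names are hypothetical.

```powershell
# Read-only audit of SChannel RC4 cipher and TLS 1.2 protocol settings.
# Nothing is written to the registry.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # Cipher key names contain '/', which the PowerShell registry provider
    # treats as a path separator, so open the key through .NET instead.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return $null }
    try { $key.GetValue($Name, $null) } finally { $key.Close() }
}

function Get-SchannelAudit {
    # RC4 cipher keys: Enabled = 0 means the cipher is switched off.
    foreach ($cipher in 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128') {
        $v = Get-SchannelValue "Ciphers\$cipher" 'Enabled'
        if ($null -eq $v) {
            $state = 'not configured (OS default applies)'
        } elseif ($v -eq 0) {
            $state = 'disabled'
        } else {
            $state = 'ENABLED'
        }
        [pscustomobject]@{ Setting = "Cipher $cipher"; State = $state }
    }
    # TLS 1.2 protocol keys, for both the server and client roles.
    foreach ($role in 'Server', 'Client') {
        $enabled = Get-SchannelValue "Protocols\TLS 1.2\$role" 'Enabled'
        $dbd     = Get-SchannelValue "Protocols\TLS 1.2\$role" 'DisabledByDefault'
        if ($null -eq $enabled -and $null -eq $dbd) {
            $state = 'not configured (OS default applies)'
        } elseif ($enabled -eq 0 -or ($null -ne $dbd -and $dbd -ne 0)) {
            $state = 'DISABLED or off by default'
        } else {
            $state = 'enabled'
        }
        [pscustomobject]@{ Setting = "TLS 1.2 $role"; State = $state }
    }
}

Get-SchannelAudit | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the Exchange server; SChannel registry changes take effect only after a reboot, so re-run the audit and an external TLS scan after restarting.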

