none
Managed EWS and TLS 1.2

    Question

  • Hi,

    We've been informed that Exchange Online (Office 365) will be phasing out TLS 1.0 and TLS 1.1.

    Managed EWS however, seems to be hard coded to use TLS 1.0. I tried setting registry keys to prevent TLS 1.0, and at that point managed EWS refused to connect.

    Is there any way to force managed EWS to use TLS 1.2, and if not can we expect a new version which defaults to TLS 1.2 shortly?

    Thanks - Lawrence

    Thursday, January 3, 2019 1:56 PM

All replies

  • Hi,

    TLS is transport layer security and it is not hard coded in EWS.

    It depends on application and how you are using EWS. You need to check for OS and check if application using .net.

    If application using .net then use below article to modify setting for used .net version.

    https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/

    Belo is Microsoft provided guidelines for TLS.

    https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/


    Thanks, Ashish MCITP, MCT, MCSE

    Thursday, January 3, 2019 2:46 PM
  • Hi,

    I am specifically using "Managed EWS 2.2", which inherently uses .NET. (https://www.microsoft.com/en-us/download/details.aspx?id=42951)

    On this server only .NET 4.7 is installed.

    I've been through all the steps to make sure TLS 1.2 is the default and to prevent older versions, but when I do so Managed EWS just fails.

    Thanks - Lawrence

    Thursday, January 3, 2019 3:13 PM
  • Hi,

    Apart from modifying windows registry values for TLS 1.2 can you please confirm you modified registry for .net as well.

    Here are steps:-

    Enable TLS 1.2 for .NET 4.x
    This step is only required for Exchange Server 2013 or later installations where .NET 4.x is relied upon.
    The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by .NET Framework 4.x. If the value is set to 1, then .NET Framework 4.x will inherit its defaults from the Windows Schannel DisabledByDefault registry values. If the value is undefined, it will behave as if the value is set to 0. By configuring .NET Framework 4.x to inherit its values from Schannel we gain the ability to use the latest versions of TLS supported by the OS, including TLS 1.2.
    From Notepad.exe, create a text file named NET4X-UseSchannelDefaults.reg.
    Copy, and then paste the following text.
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    Save the NET4X-UseSchannelDefaults.reg file.
    Double-click the NET4X-UseSchannelDefaults.reg file.
    Click Yes to update your Windows Registry with these changes.
    Restart your computer for the change to take effect.


    Thanks, Ashish MCITP, MCT, MCSE

    • Proposed as answer by Yashbeni Thursday, January 3, 2019 4:19 PM
    Thursday, January 3, 2019 3:21 PM
  • Hi,

    I wasn't aware of that extra change, which I have now completed.

    I'm pleased to say managed EWS is now working even with the older TLS versions disabledin the registry.

    Is there any way to show for certain that TLS 1.2 is being used - other than maybe installing Wireshark?

    Thanks for your help - Lawrence

    Friday, January 4, 2019 11:47 AM
  • It depends how you are using ews.

    If you are using it for SMTP then SMTP logs can tell which tls is being used.

    If you are used it client connection then connectivity logs can tell.


    Thanks, Ashish MCITP, MCT, MCSE

    Friday, January 4, 2019 12:08 PM
  • Hi Lawrence E Marigold,

    Did above helped in your query?

    Please don't forget to mark as answer if post was helpful.


    Thanks, Ashish (I can be wrong but can't be rude) “Tell me and I forget, teach me and I may remember, involve me and I learn.” MCITP, MCT, MCSE

    Friday, January 11, 2019 7:15 PM