To continue using TLS Business Partners with Enforced encryption, you will need to ensure you are using TLS 1.1 or higher as well as using a SHA2 certificate.
Be aware that the information below is for guidance only. You must retrieve up-to-date information from your mail server vendor to ensure accuracy, for instructions to any other on-premise mail server solution, contact the software vendor.
Microsoft Exchange users
Ensure your MTA is up-to-date with the latest available Cumulative Update (CU) patch.
TLS1.0 does not support the “Enforced cipher set”. Microsoft plans to disable TLS 1.0 and 1.1 in a future CU patch. Migrating to TLS 1.2 now will resolve this issue and ensure you are current with the latest security practices.
Warning: Before proceeding with the following steps, ensure your Exchange environment has the latest CU patches installed. Failing to do and continuing to the next steps can negatively affect your mail flow.
Enable TLS 1.2
To enable TLS 1.2 for both server (inbound) and client (outbound) connections on an Exchange Server, perform the following.
From Notepad.exe, create a text file named TLS12-Enable.reg.