How to configure cipher suites for STARTTLS?
I configured the available cipher suites for an Exchange 2013 server as described here in the best practice document by putting them into the appropriate registry key:
HKLM:SYSTEMCurrentControlSetControlCryptographyConfigurationLocalSSL0010002
But when looking at a packet capture of an outgoing SMTP session of that server which used STARTTLS, I observed that it was offering a completely different set of ciphers. Is that registry key not being used for STARTTLS by Exchange Server and if so, where do the ciphers for that have to be configured instead?
I configured the available cipher suites for an Exchange 2013 server as described here in the best practice document by putting them into the appropriate registry key:HKLM:SYSTEMCurrentControlSetControlCryptographyConfigurationLocalSSL0010002But when looking at a packet capture of an outgoing SMTP session of that server which used STARTTLS, I observed that it was offering a completely different set of ciphers. Is that registry key not being used for STARTTLS by Exchange Server and if so, where do the ciphers for that have to be configured instead? Read More