Hi all -
We're running exchange 2010, which users access via outlook, OWA, and smartphones/tablets. Our security auditors made the following recommendations for the "webmail" (CAS/Hub) servers:
1. Set SSL 3.0 to require TLS
2. Set SSL 2.0 to require TLS
3. Disable the "options method" in IIS
Aside from the fact that I don't know how to do this, I'm a little concerned about making changes to SSL. By doing so, am I going to break any devices? I'm worried about smartphones not connecting, and users who open OWA on an XP machine.
Appreciate any advice/experiences.
Mike