Ticket: Exchange 2007 Disable TLS between HUB (Part 2)


Disable TLS (original discussion)

Reply:
I would like to disable TLS, as I would like to disable the encryption between Hub Transport servers for some reason.

1. What is the best approach if I have three Hub Transport servers?

Mailbox Server A using Hub Transport Server A
Mailbox Server B using Hub Transport Server B
Mailbox Server C using Hub Transport Server C

1. Disable Opportunistic TLS on your Receive Connectors.  Your Receive Connectors don't "require" TLS either way as -RequireTLS is set to $false.  Opportunistic TLS just attempts TLS first and if TLS is not possible, it accepts the mail anyways.

2. Do I have to disable both "Send Connector" and "Receive Connector" on all Hub Transport servers?
2. No, just Receive Connector due to what I said in #1.

3. What about Mailbox Servers, do I have to disable it on all Mailbox servers as well?
3. No, all mail flows through Hub Transports and gets delivered right to the mailbox on mailbox servers.

4. Is there any security concern?
4. Of course, you're disabling TLS encryption!

5. Actually the reason I am doing it is because there is an appliance, "Riverbed", to save traffic between servers; however, hub transport encrypted all traffic between servers using TLS.  As a result, the appliance cannot decrypt it to save traffic. Is there a way to use it with TLS enabled?
5. You need to consult your appliance manufacturer for this.  But keeping Opportunistic TLS on shouldn't cause any issues because as I said, it tries TLS first and then reverts to non-TLS if necessary.

6. If not, is there another way to use it more securely?

The Microsoft Developer Network

 

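Opportunistic TLS: In earlier versions of Exchange Server, you had to configure TLS manually. In addition, you had to install a valid certificate suitable for TLS on the server running Exchange Server. In Exchange 2007, Setup creates a self-signed certificate. TLS is enabled by default. This lets any sending system encrypt the inbound Simple Mail Transfer Protocol (SMTP) session to Microsoft Exchange. By default, Exchange 2007 also attempts TLS for all remote connections.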
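The replies above distinguish a listener that offers TLS but still accepts cleartext mail (opportunistic) from one that requires it. That distinction can be confirmed from the SMTP dialogue after a connector change. This is an added example, not part of the original thread or of Microsoft's documentation; the function names are hypothetical, the sample replies are constructed, and it assumes a TLS-requiring server refuses with the RFC 3207 style `530` reply that mentions STARTTLS.

```python
import smtplib

def ehlo_keywords(reply):
    """ESMTP keywords from a raw multi-line EHLO reply ("250-..." lines)."""
    keywords = set()
    for line in reply.strip().splitlines()[1:]:      # first line is the greeting
        if not line.startswith(("250-", "250 ")):
            raise ValueError("unexpected EHLO line: %r" % line)
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords

def tls_posture(keywords, mail_code, mail_text):
    """Classify a listener from what it advertises and how it answers
    MAIL FROM sent in cleartext (no STARTTLS issued first)."""
    if "STARTTLS" not in keywords:
        return "tls-not-offered"     # sessions to this listener are cleartext
    if 200 <= mail_code < 300:
        return "opportunistic"       # TLS offered, cleartext mail still accepted
    if mail_code == 530 and "STARTTLS" in mail_text.upper():
        return "tls-required"        # RFC 3207 refusal (assumed wording)
    return "undetermined"            # e.g. refused for authentication, not for TLS

def probe(host, port=25):
    """Live version of the same check, for a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        keywords = {name.upper() for name in smtp.esmtp_features}
        code, text = smtp.docmd("MAIL FROM:<>")
        return tls_posture(keywords, code, text.decode("ascii", "replace"))

# Constructed sample replies (not captured from a real server).
EHLO_WITH_TLS = """250-hub-a.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-STARTTLS
250 8BITMIME"""
EHLO_WITHOUT_TLS = """250-hub-a.example.test Hello [192.0.2.10]
250-SIZE 10485760
250 8BITMIME"""
```

A `530` reply that does not mention STARTTLS (for example, one refusing an unauthenticated sender) says nothing about the TLS setting, which is why it is reported as `undetermined` rather than `tls-required`.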

Further reading on this blog

Ticket: Exchange 2007 Disable TLS between HUB (Part 1)

