EWS 连接是否支持 TLS 1.2
Does EWS connection supports TLS 1.2
我不是 EWS 或 TLS 1.2 方面的专家。而且我不确定如何调查这个问题。
基本上,我有大量使用 EWS 的客户端应用程序,其形式是从 Exchange 服务器提取数据并从 Exchange 服务器接收有关订阅主题的通知。
我工作的客户提出了一个问题。我从客户端应用到 Exchange 服务器的 EWS 连接是否支持 TLS 1.2?
Exchange 服务器可以是 2010 和 2013。
我不确定如何确认这一点,或者默认情况下支持这一点。
欢迎提出任何意见或建议。
编辑:
客户端应用程序是用 JavaScript 编写的。
Exchange 服务器端点是 https://outlook.office365.com/EWS/Exchange.asmx
很明显,它是 https 端点。这是否意味着它已经在 TLS 1.2 合规性下运行良好?
TLS 在传输层完成,因此对于 EWS 的支持取决于基础 IIS 设置。对于Office365,答案是肯定的(参见here)。
HTTPS (OWA, Outlook, EWS, Remote PS, etc.) – The support for TLS 1.1 and 1.2 is based on the support in IIS itself. Windows 2008 R2 or later supports both TLS 1.1 and 1.2, though the specific version of Windows may have these disabled or enabled by default. There is another important caveat here: the HTTPS proxy between CAS and Mailbox requires TLS 1.0 in current versions of Exchange Server – so disabling TLS 1.0 between CAS and Mailbox causes the proxy to fail. This is also something we have addressed in the Exchange 2016 Preview. We hope to make this available in a future CU, or you can make a request for it via Support. If you have dedicated roles, you can technically disable TLS 1.0 between the client & CAS, but we still are not recommending this. Office 365 already supports TLS 1.1 & 1.2, if the client supports them.
基本上客户端端点支持 TLS 1.2,所以只要您的客户端支持它,您就可以了。
干杯
格伦
我不是 EWS 或 TLS 1.2 方面的专家。而且我不确定如何调查这个问题。
基本上,我有大量使用 EWS 的客户端应用程序,其形式是从 Exchange 服务器提取数据并从 Exchange 服务器接收有关订阅主题的通知。
我工作的客户提出了一个问题。我从客户端应用到 Exchange 服务器的 EWS 连接是否支持 TLS 1.2?
Exchange 服务器可以是 2010 和 2013。
我不确定如何确认这一点,或者默认情况下支持这一点。
欢迎提出任何意见或建议。
编辑:
客户端应用程序是用 JavaScript 编写的。
Exchange 服务器端点是 https://outlook.office365.com/EWS/Exchange.asmx
很明显,它是 https 端点。这是否意味着它已经在 TLS 1.2 合规性下运行良好?
TLS 在传输层完成,因此对于 EWS 的支持取决于基础 IIS 设置。对于Office365,答案是肯定的(参见here)。
HTTPS (OWA, Outlook, EWS, Remote PS, etc.) – The support for TLS 1.1 and 1.2 is based on the support in IIS itself. Windows 2008 R2 or later supports both TLS 1.1 and 1.2, though the specific version of Windows may have these disabled or enabled by default. There is another important caveat here: the HTTPS proxy between CAS and Mailbox requires TLS 1.0 in current versions of Exchange Server – so disabling TLS 1.0 between CAS and Mailbox causes the proxy to fail. This is also something we have addressed in the Exchange 2016 Preview. We hope to make this available in a future CU, or you can make a request for it via Support. If you have dedicated roles, you can technically disable TLS 1.0 between the client & CAS, but we still are not recommending this. Office 365 already supports TLS 1.1 & 1.2, if the client supports them.
基本上客户端端点支持 TLS 1.2,所以只要您的客户端支持它,您就可以了。
干杯 格伦