ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Email Submission Client (SESC) support for TLS 1.2

book

Article ID: 172754

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange Email Security.cloud

Issue/Introduction

 

With the release of the following Exchange updates Microsoft has announced TLS 1.2 can be strictly enabled on the Exchange server and older TLS/SSL versions can now be disabled.

  • Exchange 2013 CU 20
  • Exchange 2016 CU 9

After disabling TLS 1.0 and TLS 1.1 on the system Symantec Email Submission Client (SESC) no longer seems to be functioning.

 

Cause

 

Symantec Email Submission Client (SESC) was compiled using .NET 2.0.  The prerequisites for installation of SESC indicate .NET 3.5 is required due to the inclusion of .NET 2.0 for Server 2008R2 and later.  By default .NET 2.0 does not have TLS 1.2 support enabled.

Resolution

 

 

To allow .NET 2.0 compiled applications to communicate using TLS 1.2 ensure the latest version of .NET 3.5.1 is installed on the system.  Once confirmed, follow the steps outlined below to enable TLS 1.2 for .NET 2.0.

  1. Open "Run" and launch the registry editor (regedit.exe)
  2. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727
  3. Modify "SystemDefaultTlsVersions" to the value of "1"
  4. Navigate to:  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
  5. Modify "SystemDefaultTlsVersions" to the value of "1"

 

 

For more information on enabling strict usage of TLS 1.2  in Microsoft Exchange see the following Microsoft articles:

TLS 1.2 for .NET 2.0:

  • https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework

TLS/SSL Protocols by Windows OS:

  • https://msdn.microsoft.com/en-us/library/windows/desktop/mt808159(v=vs.85).aspx

Exchange strict usage of TLS 1.2 only.

  • https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/
  • https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/
  • https://blogs.technet.microsoft.com/exchange/2018/05/23/exchange-server-tls-guidance-part-3-turning-off-tls-1-01-1/