Condividi tramite


How To enable FIPS (3DES) for use in Exchange Activesync with SSL

When you setup Exchange Activesync in Exchange Server 2003 or 2007 by default it is setup to use SSL with 128bit RC4 Encryption.  There is a way to increase the Encryption from RC4 to 168bit 3DES Encryption that is FIPS Certified.  SSL with 3DES can be implemented by making a change on the Exchange Frontend or CAS server. 

In the Local Security Policy for the web server, make sure that you enable FIPS support by choosing the Security Setting enabled.

SSL with AES:

Windows Mobile 6 supports both SSL with 128bit AES Encryption and SSL with 256bit AES Encryption.  At present, AES cannot be used with Exchange ActiveSync (EAS) because EAS is built on IIS which does not currently support AES.

Source:
https://www.microsoft.com/technet/solutionaccelerators/mobile/maintain/SecModel/3506ad7e-88fb-4fe0-8cd0-b9dd9fa61507.mspx?mfr=true

Blog Article Adapted From:
https://blogs.iis.net/chrisad/archive/2006/07/31/1356489.aspx