Secure Messaging Exchange 2013 and Previous Versions

Microsoft Exchange Server 2013 provides administrative functionality and other enhancements that improve the overall management of Transport Layer Security (TLS). As you work with this functionality, you need to learn about some TLS-related features and functionality. Some terms and concepts apply to more than one TLS-related feature.

What is the difference between Exchange 2010 and Exchange 2013 TLS?
There is NO difference; it works the same. It uses the same Opportunistic TLS mechanism.

So what is Opportunistic TLS, by definition from TechNet?
Opportunistic TLS: In earlier versions of Exchange, you had to configure TLS manually. In addition, you had to install a valid certificate, suitable for TLS usage, on the server running Exchange. In Exchange 2013, Setup creates a self-signed certificate. By default, TLS is enabled. This enables any sending system to encrypt the inbound SMTP session to Exchange. By default, Exchange 2013 also attempts TLS for all remote connections.

My previous post about MS Exchange 2010 TLS

Resource URLs
Exchange 2013 TLS Functionality
Exchange 2010 TLS Functionality

Secure messaging is simple too.

MS Exchange Server Secure Messaging

Transport Layer Security: TLS is a standard protocol that’s used to provide secure Web communications on the Internet or intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest version of the Secure Sockets Layer (SSL) protocol.

How Does It Work?

You need to have a certificate; it can be self-signed or purchased from a third party.
You have to make sure the certificate is assigned to the SMTP service, like other web services.
Once you are almost ready, you have to test it. The best way to test is to use Telnet on port 25 of the receiving server; it should return 250 STARTTLS as below
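The Telnet check above can be scripted. The following is an added example, not part of the original post: it parses an EHLO reply and reports whether an opportunistic-TLS sender would upgrade to TLS or fall back to plain SMTP. The sample replies, host names and function names are constructed for illustration; `probe()` performs the same check against a live server with Python's standard `smtplib`.

```python
import smtplib

# Constructed EHLO replies (not captured from a real server).
WITH_TLS = """\
250-mail.example.test Hello [192.0.2.10]
250-SIZE 37748736
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250 CHUNKING
"""
WITHOUT_TLS = """\
250-mail.example.test Hello [192.0.2.10]
250-SIZE 37748736
250-PIPELINING
250 8BITMIME
"""

def parse_ehlo(reply):
    """Return {KEYWORD: params} for the extensions in a multi-line EHLO reply."""
    extensions = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = rest.partition(" ")
        extensions[keyword.upper()] = params
    return extensions

def tls_outcome(reply):
    """'starttls' if the receiver offers it, else 'plaintext' (the fallback)."""
    return "starttls" if "STARTTLS" in parse_ehlo(reply) else "plaintext"

def probe(host, port=25, timeout=10.0):
    """Live equivalent of the Telnet test: connect, send EHLO, check the reply."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        if not 200 <= code <= 299:
            raise RuntimeError(f"EHLO rejected with code {code}")
        return "starttls" if smtp.has_extn("starttls") else "plaintext"

if __name__ == "__main__":
    print("with STARTTLS advertised:   ", tls_outcome(WITH_TLS))
    print("without STARTTLS advertised:", tls_outcome(WITHOUT_TLS))
```

A result of `plaintext` means the receiving server did not advertise STARTTLS, so mail to it is delivered unencrypted.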


Now let us check the setting at the Exchange Server; in this case I am using Exchange 2010. Keep in mind that Exchange 2010 uses Opportunistic TLS, meaning that by default it will try to establish the SMTP connection over TLS, and if it cannot, it will use regular SMTP.

Example of a non-TLS, non-secured SMTP message between two Exchange Server 2010 servers


Example of a secured SMTP message over TLS


Simple, right? 🙂