I am trying to get a working 'autodiscover' for my hosting servers.
Seeing a consistent failing from the Windows 10 'Mail' client, which relies on the 'autodiscover' of Outlook, while my 'autodiscover' works fine with older MS Outlook clients, I started testing my 'autodiscover' with Microsofts https://testconnectivity.microsoft.com/tests/O365Ola/input service.
There I finally get an error on there being no compatible cipher suite between the cipher suits Microsoft offers ( https://docs.microsoft.com/en-gb/mi...-details-about-encryption?view=o365-worldwide ) and my 'autodiscover' website.
Microsoft only offers TLS 1.2 at the moment. My server offers TLS 1.2 and 1.3, with the default 'ssl_configuration=intermediate' in the options.conf of Custombuild.
But also tinkering with the SSL cipher suits didn't give me any situation where I had a matching cipher suite with the ones that Microsoft offers.
Looking at the availble TLS v1.2 cipher suites ( https://www.mkssoftware.com/docs/man1/openssl_ciphers.1.asp ) I was expecting a match with either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-AES256-GCM-SHA384.
Putting these in the configuration, and checking through ssllabs.com, this gave me zero TLS v1.2 cipher suits;
nothing for TLS v1.2.
Now, am I missing something, or is the Microsoft cipher suite indeed incompatible with what OpenSSL can offer?
The server at which I was testing things is rather default, fully updated, running CloudLinux 8 and DirectAdmin, installed from Custombuild.
Setup is with Apache / Nginx proxy
OpenSSL 1.1.1g FIPS 21 Apr 2020
I hope Microsoft won't be applying these ciphers suites at their mail servers, and either not delivering email at 'incompatible servers' anymore, or just sending over open connections?
Seeing a consistent failing from the Windows 10 'Mail' client, which relies on the 'autodiscover' of Outlook, while my 'autodiscover' works fine with older MS Outlook clients, I started testing my 'autodiscover' with Microsofts https://testconnectivity.microsoft.com/tests/O365Ola/input service.
There I finally get an error on there being no compatible cipher suite between the cipher suits Microsoft offers ( https://docs.microsoft.com/en-gb/mi...-details-about-encryption?view=o365-worldwide ) and my 'autodiscover' website.
Microsoft only offers TLS 1.2 at the moment. My server offers TLS 1.2 and 1.3, with the default 'ssl_configuration=intermediate' in the options.conf of Custombuild.
But also tinkering with the SSL cipher suits didn't give me any situation where I had a matching cipher suite with the ones that Microsoft offers.
Looking at the availble TLS v1.2 cipher suites ( https://www.mkssoftware.com/docs/man1/openssl_ciphers.1.asp ) I was expecting a match with either ECDHE-RSA-AES128-GCM-SHA256 or ECDHE-RSA-AES256-GCM-SHA384.
Putting these in the configuration, and checking through ssllabs.com, this gave me zero TLS v1.2 cipher suits;
nothing for TLS v1.2.
Now, am I missing something, or is the Microsoft cipher suite indeed incompatible with what OpenSSL can offer?
The server at which I was testing things is rather default, fully updated, running CloudLinux 8 and DirectAdmin, installed from Custombuild.
Setup is with Apache / Nginx proxy
OpenSSL 1.1.1g FIPS 21 Apr 2020
I hope Microsoft won't be applying these ciphers suites at their mail servers, and either not delivering email at 'incompatible servers' anymore, or just sending over open connections?
Last edited: