Ciphers used by Secure Mail when connecting to Exchange server
If the authentication is set to Basic Authentication, Secure Mail communicates using TLSv1.0.
If the authentication is set to Client Based Authentication, Secure Mail communicates using TLSv1.2.
Why does Secure Mail change the cipher suites when the authentication is changed on Exchange?
In internal testing, the packet trace showed that the server puts that forward in the SSL handshake/negotiation and the client accepts it (since, in this case, Secure Mail supports both). This could be a question for Microsoft as to why it chooses one over the other.
Also, according to this article at https://technet.microsoft.com/en-us/library/cc783349(v=ws.10).aspx (see the excerpts below), it definitely looks like the Exchange server decides the protocol to use for the connection.
Client Hello Message
The client initiates a session by sending a Client Hello message to the server. The Client Hello message contains:
- Version Number. The version number of the highest version that the client supports. This is sent by the client to the server. Version 2 is used for SSL 2.0, version 3 for SSL 3.0, and version 3.1 for TLS. Although the IETF RFC for TLS is TLS version 1.0, the protocol uses 3.1 in the version field to indicate that it is a later version, with more functionality than SSL 3.0.
Server Hello Message
The server responds with a Server Hello message. The Server Hello message includes:
- Version Number. The server sends the highest version number that is supported by both sides. This is the protocol version that will be used during the connection.
Conclusion: It is the Exchange server that decides which protocols/ciphers are used by Secure Mail.
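
To confirm from a packet trace which side chose the protocol, the version fields quoted in the excerpts can be read directly from the hello messages. The following Python parser is an added example, not code from the original article, Citrix or Microsoft; the function names and the sample records (including the cipher suite values in them) are constructed for illustration.

```python
import struct

# Wire (major, minor) values; TLS 1.0 is carried as 3.1, as the excerpt notes.
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_hello(record: bytes) -> dict:
    """Read the version (and, for a Server Hello, the chosen cipher suite)
    from one TLS record. Covers SSL 3.0 through TLS 1.2 only; TLS 1.3
    signals its version in an extension that is not parsed here."""
    if len(record) < 11:
        raise ValueError("too short to hold a hello message")
    if record[0] != 22:                      # 22 = handshake content type
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    if rec_len < 6 or len(record) < 5 + rec_len:
        raise ValueError("truncated record")
    msg_type = record[5]                     # 1 = Client Hello, 2 = Server Hello
    if msg_type not in (1, 2):
        raise ValueError("not a hello message")
    body = record[9:5 + rec_len]             # skip type (1) + length (3)
    name = VERSIONS.get((body[0], body[1]), "unknown %d.%d" % (body[0], body[1]))
    result = {"message": "Client Hello" if msg_type == 1 else "Server Hello",
              "version": name}
    if msg_type == 2:
        # version (2) + random (32) + session id length (1) + session id
        if len(body) < 35 or len(body) < 35 + body[34] + 2:
            raise ValueError("truncated Server Hello")
        off = 35 + body[34]
        result["cipher_suite"] = struct.unpack("!H", body[off:off + 2])[0]
    return result

def _record(msg_type: int, body: bytes) -> bytes:
    """Wrap a hello body in handshake and record headers (sample data only)."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample messages, not taken from a real trace.
RANDOM = bytes(32)
CLIENT_HELLO = _record(1, b"\x03\x03" + RANDOM + b"\x00"
                       + b"\x00\x04\xc0\x2f\x00\x2f" + b"\x01\x00")
SERVER_HELLO_TLS10 = _record(2, b"\x03\x01" + RANDOM + b"\x00\x00\x2f\x00")
SERVER_HELLO_TLS12 = _record(2, b"\x03\x03" + RANDOM + b"\x00\xc0\x2f\x00")

if __name__ == "__main__":
    for rec in (CLIENT_HELLO, SERVER_HELLO_TLS10, SERVER_HELLO_TLS12):
        print(parse_hello(rec))
```

In the sample data the client offers 3.3 (TLS 1.2) in both cases, and the version in the Server Hello is the one the connection uses.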