How Can We Help?
How to check the installed version of SSL in exchange 2019
To check the installed version of SSL (Secure Sockets Layer) in Microsoft Exchange 2019, you’re typically looking at the TLS (Transport Layer Security) versions because SSL is largely deprecated. Here’s how you can check the installed versions of SSL/TLS:
1. Check TLS/SSL Versions via Registry
The installed TLS/SSL versions in Windows are configured through the registry, and you can check which versions are enabled using these steps.
- Open the Registry Editor:
- Press
Win + R, typeregedit, and hit Enter to open the Registry Editor.
- Press
- Navigate to the TLS/SSL Configuration Keys:
- For TLS versions:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
In this location, you can see folders like
TLS 1.0,TLS 1.1,TLS 1.2,TLS 1.3, etc. Each folder will containClientandServersubkeys that define the state of the protocols.- For SSL versions (though deprecated):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0(and SSL 3.0 if enabled)
- For TLS versions:
- Check the
EnabledValue:- Within each version folder (
TLS 1.0,TLS 1.1,TLS 1.2, etc.), open theServersubkey. - Look for a
DWORDvalue named Enabled.0means disabled.1means enabled.
If the
EnabledDWORD is missing, it may be enabled by default. - Within each version folder (
2. Check via PowerShell
Exchange 2019 relies on Windows Server’s SSL/TLS configuration. You can also use PowerShell to check the supported SSL/TLS protocols for the local system.
- Open PowerShell as Administrator:
- Press
Win + Xand select “Windows PowerShell (Admin)”.
- Press
- Run the following PowerShell command:
This will display the available cipher suites for your server and the SSL/TLS protocols in use.
Another PowerShell command to view SSL/TLS versions is:
This will return the current security protocol being used by the system, which includes TLS versions like TLS 1.0, TLS 1.1, or TLS 1.2.