Outlook 2011 for Mac and TLS support for Exchange 2010?

[mlc9]

I have a few Apple MacBook users with Outlook 2011, and connecting back to my Exchange 2010 server (essentially via OWA). Currently it all works fine.

With the new POODLE vulnerability, it is recommended that SSLv3 be disabled in Exchange, and instead fall back on TLS. Does anybody have any experience with Mac users connecting to Exchange, disabling all SSL versions (SSLv3, v2, etc) on Exchange, and the Mac user still being able to connect?

I am not able to find much on the web, but I have seen a few people say that Outlook 2011 for Mac does not support TLS. IF you go in to the settings for email, it does only have an option for "use SSL" and does not mention TLS.

Does anyone have any further insight? Thanks

 

[ShackDaddy]

True, right now TLS is not supported for Outlook 2011, but people are hoping that M$ will rush an update to support it.

Personally, I don't think POODLE poses much of a threat to Exchange users, but I guess that depends on how desperately someone wants your particular company's data. It would not be something a person could casually exploit at this point.

Dave Shackelford
ThirdTier.net

 

[mlc9]

Agreed, but regulatory compliance is the name of the game here and that mandates clean vulnerability scans. Unfortunately, POODLE triggers a vulnerability on Exchange to disable SSLv3. By doing so, I fear that I basically break my few Mac users.

Although I can not locate anything officially from Microsoft whether Outlook 2011 would not connect to Exchange if all SSL versions are disabled on Exchange (thereby relying on TLS), a few forums like this point to it not working.