Windows Server and TLS Support

As security protocols evolve and are replaced by newer, more secure versions, server administrators have to remove support for deprecated protocols. Currently, that means dealing with the deprecation of TLS 1.0 and 1.1. Companies like Google, Microsoft and Apple are removing their own support for TLS 1.0/1.1, which means that server owners need to do the same if they want to communicate with these organizations. For example, Gmail will no longer accept mail from servers that still advertise support for TLS 1.0 and 1.1.

That means server administrators need to disable TLS 1.0/1.1 on their servers and adopt newer TLS versions. This may seem relatively simple, but the problem is that not all Windows Server versions support TLS versions beyond 1.1. For example, Windows Server 2008 R2 doesn't support TLS 1.2.

That means that server administrators may need to plan a server OS upgrade in addition to disabling support for TLS 1.0/1.1. Thankfully, Microsoft offers a chart of which versions of Windows support newer TLS versions. The link is below, but if you want to be able to support TLS 1.2, you will need to be on Windows Server 2012 AT THE VERY LEAST. Windows Server 2012 is the first server OS that offers TLS 1.2 support.

Of course, if a server administrator is facing an OS upgrade, they may as well upgrade to the latest version of Windows Server available rather than settling for the first version that supports newer protocols. Doing so means that their systems will be protected for years to come and will receive consistent security fixes. In addition, recent versions of SmarterMail will run best on the most recent versions of Windows Server. (E.g., Windows Server 2008 doesn't support the use of SignalR, which is what controls notifications and updates to your Inbox and other areas.)
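
One way to audit and then disable TLS 1.0/1.1 on a Windows Server host, as an added example that is not part of the original article. It assumes the standard Schannel protocol registry keys and an elevated PowerShell session; the function names are hypothetical.

```powershell
# Added example (not from the original page). Run from an elevated session.
# Schannel reads these values at startup, so changes need a reboot to apply.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($name in $Protocol) {
        $key = Join-Path $SchannelRoot "$name\Server"
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing key or value means no override: the OS default applies.
        $state = 'OS default'
        if ($null -ne $values -and $null -ne $values.Enabled) {
            $state = if ($values.Enabled -eq 0) { 'Disabled' } else { 'Enabled' }
        }
        [pscustomobject]@{
            Protocol          = $name
            State             = $state
            Enabled           = $values.Enabled
            DisabledByDefault = $values.DisabledByDefault
        }
    }
}

function Disable-LegacyTls {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1'))
    foreach ($name in $Protocol) {
        $key = Join-Path $SchannelRoot "$name\Server"
        if ($PSCmdlet.ShouldProcess($key, 'Set Enabled=0, DisabledByDefault=1')) {
            # Create the key only if absent so existing values are not wiped.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -Value 0 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Report the current server-side settings, then preview the change.
Get-SchannelProtocolState | Format-Table -AutoSize
Disable-LegacyTls -WhatIf   # rerun without -WhatIf to apply, then reboot
```

Confirm that the host and its clients can negotiate TLS 1.2 before applying the change, since a server limited to TLS 1.0/1.1 would otherwise lose TLS connectivity.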