use of TLS rather than SSL for OMA ActiveSync



rishishah -> use of TLS rather than SSL for OMA ActiveSync (21.Nov.2006 3:49:28 PM)

I want to implement a more secure version of OMA ActiveSync via TLS, rather than SSL. TLS gives me the FIPS 140-2 accreditation I need and this is very easy to do on the front-end Exchange server, for instance.

I tick the "use FIPS Crypto" option within the server's local security group policy and voila, this works. The Windows Mobile 5 itself automatically understands if the server is using TLS 1.0 rather than SSL and automatically uses TLS.

What I want to find out is: if I make the same local security group policy change to an ISA 2006 server, will the ISA be able to automatically publish the front-end server via TLS rather than SSL? Also, can the ISA then terminate the TLS connection, check the credentials, re-encrypt and send back to the front-end Exchange server?

Thanks,

Rishi




tshinder -> RE: use of TLS rather than SSL for OMA ActiveSync (28.Nov.2006 11:14:13 AM)

I didn't know that the clients supported this.

Tom




rishishah -> RE: use of TLS rather than SSL for OMA ActiveSync (28.Nov.2006 11:20:57 AM)

In my current test environment I have a simple ADSL router/firewall protecting the front-end Exchange server. I have set the front-end to TLS and this works like a charm for Outlook over RPC, OWA and OMA ActiveSync, which all work over TLS.

I just want to know if I can do the same through an ISA 2006... any ideas?




tshinder -> RE: use of TLS rather than SSL for OMA ActiveSync (28.Nov.2006 12:11:12 PM)

OK, then it should work on the ISA Firewall. I know that the ISA Firewall will work with any CSP used by Windows.

Give it a try and let us know how it works!

Thanks!
Tom




rishishah -> RE: use of TLS rather than SSL for OMA ActiveSync (22.Dec.2006 5:17:58 AM)

I can confirm that this works spot on with OWA and Exchange ActiveSync on Windows Mobile 5 devices. So the encryption between the ISA and the end user (OWA or Exchange ActiveSync) is TLS rather than the weaker SSL.

The ISA can also stop the TLS session at the ISA itself, perform the authentication, then the checks and finally allow it onwards onto the Exchange Server.

Rishi 





tshinder -> RE: use of TLS rather than SSL for OMA ActiveSync (26.Dec.2006 12:15:08 PM)

Hi Rishi,

Thanks!
Tom



