• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

use of TLS rather than SSL for OMA ActiveSync

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> use of TLS rather than SSL for OMA ActiveSync Page: [1]
Login
Message << Older Topic   Newer Topic >>
use of TLS rather than SSL for OMA ActiveSync - 21.Nov.2006 3:49:28 PM   
rishishah

 

Posts: 12
Joined: 11.Nov.2005
Status: offline
I want to implement a more secure version of OMA Activesync via TLS, rather than SSL. TLS gives me the FIPS 140-2 accreditation i need and this is very easy to do on the front-end exchange server for instance.

I change tick the use FIPS Cypto option within the server's local security group policy and voila this works. The Windows Mobile 5 itsself automatically understands if the server is using TLS 1.0 rather than SSL and automatically uses TLS.

What i want to find out is that if i make the same Local security proup policy change to a ISA 2006 server, will the ISA be able to automatically publish the front-end server via TLS rather than SSL? Also can the ISA than terminate the TLS connection, check the credentials, re-encrypt and send back to the Front-End exchange server?

Thanks,

Rishi
Post #: 1
RE: use of TLS rather than SSL for OMA ActiveSync - 28.Nov.2006 11:14:13 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I didn't know that the clients supported this.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rishishah)
Post #: 2
RE: use of TLS rather than SSL for OMA ActiveSync - 28.Nov.2006 11:20:57 AM   
rishishah

 

Posts: 12
Joined: 11.Nov.2005
Status: offline
In my current test environment i have a simple ADSL ROuter/Firwall protecting the front-end exchange server. I have set the front-end to TLS and this works like a charm for Outlook over RPC, OWA and OMA Activesync which all work over TLS.

I just want to know if i can do the same through an ISA 2006... any ideas?

(in reply to tshinder)
Post #: 3
RE: use of TLS rather than SSL for OMA ActiveSync - 28.Nov.2006 12:11:12 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, then it should work on the ISA Firewall. I know that the ISA Firewall will work with any CSP used by Windows.

Give it a try and let us know how it works!

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rishishah)
Post #: 4
RE: use of TLS rather than SSL for OMA ActiveSync - 22.Dec.2006 5:17:58 AM   
rishishah

 

Posts: 12
Joined: 11.Nov.2005
Status: offline
I can confirm that this works spot on with OWA and Exchange ActiveSync on Windows Mobile 5 devices. So the encryption between the ISA and the end user (OWA or Exchange ActiveSync) is TLS rather than the weaker SSL.

The ISA can also stop the TLS session at the ISA its self, perform the authentication, then the checks and finally allow it onwards onto the Exchange Server.

Rishi 


(in reply to tshinder)
Post #: 5
RE: use of TLS rather than SSL for OMA ActiveSync - 26.Dec.2006 12:15:08 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rishi,

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rishishah)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> use of TLS rather than SSL for OMA ActiveSync Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts