Transport Layer Security (TLS) has always been a critical component of securing communications in Microsoft Exchange Server, ensuring confidentiality and integrity of email traffic both internally and externally. With Exchange Server 2019, Microsoft has steadily evolved TLS support to align with modern security standards and deprecate older, weaker protocols. A notable shift came between Cumulative Update 14 (CU14) and Cumulative Update 15 (CU15). This update not only strengthens the security posture but also potentially impacts client connectivity, interoperability with legacy devices, and certificate configurations—making it essential for administrators to assess and understand their environments.
CU15 introduced partial TLS 1.3 support for Exchange Server 2019. It adds TLS 1.3 support (except for SMTP) to existing Microsoft Exchange Server 2019 on-premises installations that are running on eligible systems (Windows Server 2025 and Windows Server 2022). Note that TLS 1.3 server support is not backported to Windows Server 2019 or older.
This is a point-in-time snapshot of the TLS protocols enabled for HTTPS on an Exchange Server 2019 deployment running on Windows Server 2022. One snapshot was taken by ssllabs.com while the server was running Exchange Server 2019 CU14, and another immediately after upgrading it to CU15.
Exchange 2019 CU14 on Windows Server 2022
Exchange 2019 CU15 on Windows Server 2022
No other changes were made apart from upgrading from CU14 to CU15 then restarting the server.
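To repeat the same before-and-after comparison against an internal server that ssllabs.com cannot reach, the following added example (not part of the original post) attempts one handshake per TLS version against the HTTPS endpoint. The function name `Test-TlsVersion` and the host name `mail.contoso.example` are placeholders chosen for this sketch.

```powershell
# Added example: probe which TLS versions an HTTPS endpoint accepts.
# Run it before and after the CU upgrade and compare the two result sets.
function Test-TlsVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,   # HTTPS only; per the post, CU15 does not add TLS 1.3 for SMTP
        [string[]]$Protocols = @('Tls', 'Tls11', 'Tls12', 'Tls13')
    )
    foreach ($name in $Protocols) {
        $result = [ordered]@{
            Host = $HostName; Port = $Port; Protocol = $name
            Accepted = $false; Detail = ''
        }
        $client = $null
        $ssl = $null
        try {
            # Throws (and is reported below) if this .NET runtime has no such enum value.
            $protocol = [System.Security.Authentication.SslProtocols]$name
            $client = [System.Net.Sockets.TcpClient]::new()
            $client.Connect($HostName, $Port)
            # Certificate validation is skipped on purpose: only the protocol
            # version is being tested here, not trust in the certificate.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($HostName, $null, $protocol, $false)
            $result.Accepted = $true
            $result.Detail = "negotiated $($ssl.SslProtocol)"
        }
        catch {
            # A handshake failure or an unsupported enum value both land here.
            $result.Detail = $_.Exception.GetBaseException().Message
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            if ($client) { $client.Close() }
        }
        [pscustomobject]$result
    }
}

# Placeholder host name; replace with the Exchange server's HTTPS name.
Test-TlsVersion -HostName 'mail.contoso.example' | Format-Table -AutoSize
```

A rejected version can also mean the machine running the probe has that protocol disabled locally, so run it from a client where the versions under test are enabled.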
Cheers,
Rhoderick