[Work Item] Don't show TLS 1.3 settings on unsupported OS

microsoft / CSS-Exchange

Exchange Server support tools and scripts

MIT License

1.21k stars 332 forks source link

[Work Item] Don't show TLS 1.3 settings on unsupported OS #2062

Open lusassl-msft opened 2 months ago

lusassl-msft commented 2 months ago

Describe the work Customers are confused that Health Checker shows the TLS 1.3 settings on Server OS that don't support TLS 1.3 (e.g., Server 2016 or Server 2019). I've also seen cases where customers have explicitly set the TLS 1.3 registry keys (on unsupported OS) for client and server, to disable it. I don't think that this shouldn't cause any impact, however, we should improve HC to only show the TLS 1.3 section on Server 2022 or higher OS.

dpaulson45 commented 2 months ago

We should improve HC to only show the TLS 1.3 section on Server 2022 OS or higher by default all the time.

If on an unsupported version OS, then TLS 1.3 section should be displayed if enabled/misconfigured.