outlook 2016 for mac can't connect to Exchange 2013
We have 1 Mac (osx 10.11.1) user running Outlook 2016, and he is trying to connect to our Exchange 2013 server (Version 15.0 Build 847.32). After creating the account in outlook a yellow dot remains next to the account.
To diagnose we have ensured that our root cert is added to the trusted certs in the system keychain on the Mac, and we have verified that the client can negotiate/accept the cert:
openssl s_client -CApath ~/myca.cer -connect www.example.com:443
We can browse to our our exchange's www.example.com/owa from the Mac and all works fine. But for some reason the Mac client will not create / verify the account. Is there a further diagnostics step we can do to help resolve this?
UPDATE: On the exchange server I see events 36874 and 36888 with text:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
How can I ensure they negotiate a mutually acceptable cipher suite?
После долгих исследований, Mac не может договариваться с сервером Windows о наборе шифров. Причина в том, что они используют TLS 1.2, а сертификат подписан 512-битным SHA. Mac/Windows не могут работать с сертификатом, подписанным 512-битным SHA (по TLS1.2), поэтому пара прервет рукопожатие. Повторная установка 384-битного SHA подписанного сертификата на сервер Windows позволила Mac подключиться.
Корневой сертификат может быть SHA512 подписанным - только не сертификат сервера.