Reply to Message

OWA uses IIS as its web server. It most definitely does support whatever encryption you configure for IIS, all the way up to accepting only TLS 1.2 connections.

All major modern browsers support at least TLS 1.0. I know IE and Opera support TLS 1.2, but Chrome currently tops out at TLS 1.1. Google for "BEAST attack SSL" to find stories about why browsers need to start supporting TLS 1.1 and 1.2. SSL and TLS 1.0 have weaknesses which were made public late last year.

Even if OWA used a web server that didn't support encryption, you could always just put a load balancer/SSL accelerator in front of it to do the encryption.