Knowledgebase

Home > Knowledgebase > General > Outlook compatibility with TLS v1.2

Outlook compatibility with TLS v1.2

We've found that some users with older versions of Microsoft Outlook, notably 2007 through 2012 editions, have experienced problems connecting to our mail servers.  This is because, as of 2018, the TLS v1.2 protocol is considered the only secure protocol available and we've transitioned to use that exclusively.

Researching with affected users over time has shown that despite their PCs being TLS v1.2 enabled, for some inexplicable reason Outlook fails to use it and instead falls back to the weakest protocol available to it, typically TLS v1.0.  That leads to connection failures at the mail server as, from 2018 onwards, we only accept connections using TLS v1.2.

Upgrading to Outlook 2016 is one solution, as is a switch to some other software such as the free Mozilla Thunderbird https://www.thunderbird.net/en-US/.  Or to keep using the same version of Outlook you'll need to make certain changes to the Windows registry, to disable all but the TLS v1.2 protocol.  Messing with the registry is quite technical and can be a bit hair raising for most users, so we recommend this simple process using a software tool to make those changes for you:

1.  Visit this page https://www.nartac.com/Products/IISCrypto/Download and download the IIS Crypto GUI version to somewhere on your PC.

2.  Double click on the downloaded file and it will open to something like the image below on Windows 7/8.  The Schannel tab is the one you want and that should open by default.  There, in the "Protocols" pane on the left make sure everything except TLS v1.2 is unchecked.  Then click "Apply".

 

3.  Reboot your PC to set the changes and test your email client.  Outlook now has no choice other than to use the secure TLS v1.2 protocol as it's the only one available to it.  You can delete the IIS Crypto file you downloaded at this point as you won't need it again.


 

Also read: