TLS Protocol Version 1.0 is not secure and as a result, needs to be disabled on servers that offer PCI compliance.
Currently, we only support TLS 1.2.
If you’re using Windows 7 and Windows 8.0, applications built using WinHTTP such as Microsoft Outlook, Word, etc will only support TLS 1.0.
Since this protocol is no longer secure and is now disabled, if you try and establish a secure connection using your Outlook e-mail client to the GreenGeeks mail server, Outlook will display an error message similar to the one below:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]“Your server does not support the connection encryption type you have specified.”[/ht_message]
To resolve this issue and allow Outlook to communicate securely to the GreenGeeks mail server using TLS 1.2, you will have to follow these instructions.
Install the KB3140245 Update
Before you start, you will need the KB3140245 patch required for your operating system. You can get it by going to the Microsoft Update Catalog.
Click the “Download” button for your OS. As you can see, this patch is needed for Windows 7, 8 and Server 2008 and 2012.
Make sure you’re getting the correct file. You will see that Windows 7 has two available files. These are for 32 and 64-bit systems. Download the one that matches your version of Windows.
Once you download the file, install it.
However, you may already have this file if updates are current in Windows. It’s usually in the Optional section as it’s not necessarily needed to run the computer.
It’s probably a good idea to see if it’s already listed and update the file from Windows Updates.
Registry Editing Method 1: Using Easy Fix
If you don’t want to root around in the system’s registry, and I don’t blame you for not, you can always use the “Easy Fix” application. You can find this on Microsoft’s website, and it will do all the changes for you automatically.
Go to the Microsoft website and click “Download” under Easy Fix.
You may have to scroll down the page a bit to see the download button.
Run the application and follow its instructions.
Registry Editing Method 2: Editing The Registry
For this tutorial, we’ll edit the registry of Windows. Although this is a delicate process, it’s not overly difficulty. As long as you follow the instructions precisely, you’ll have nothing to worry about.
Open the Registry Editor
Click the Start button on the bottom left.
Click the option to “Run”. This will open a new small window with a text field.
Type regedit in the field and click, “OK.”
Adding the DWORD Value
Look for this entry in the Regedit screen:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp[/ht_message]
Create a DWORD value Called DefaultSecureProtocols.
Set the value of this to: 0xA00
Now look for this entry:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp[/ht_message]
Create a DWORD value Called DefaultSecureProtocols.
Set the value of this to: 0xA00
Look for this value in the registry:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client[/ht_message]
Create DisabledByDefault DWORD and set the value to: 0.
Reboot the Computer
Once your values are placed and saved in Regedit, reboot the computer. Your settings will be live once the system restarts.
Keep Your Email Secure
Any security is better than none at all. Using TLS helps by giving you a layer of protection to keep your data safe. It’s not only email fraud that will cost your business in the long run.
Do what you can to make your email harder to access by the criminal element.
I am trying this method but when I go to Schannel\protocols I only see SSL v2.0 listed. Any ideas as to why this is happening?
TYVM! Saved my bacon!
My hosting provider turned off TLS1.0/1.1 and one of my clients is using Windows Live Mail on Windows 7. The registry edits above (I had to add the TLS 1.2\Client keys) along with unchecking the old TLS protocols in Internet connection settings worked 100%
tested this article on 3 computers. only on 1 worked. then I read more articles and figure it out.
step 1 – make Windows update first . seems this is dependent mode then KB3140245 patch
step 2 – make what is written in this article (KB3140245 + EasyFix)
step 3 – add this into registry (then restart):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
“DisabledByDefault”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“DisabledByDefault”=dword:00000000
After that it work on the other 2 computers also.