How to Enable TLS 1.2 in Outlook (Windows 7)

TLS Protocol Version 1.0 is not secure and as a result, needs to be disabled on servers that offer PCI compliance.

Currently, we only support TLS 1.2.

If you’re using Windows 7 and Windows 8.0, applications built using WinHTTP such as Microsoft Outlook, Word, etc will only support TLS 1.0.

Since this protocol is no longer secure and is now disabled, if you try and establish a secure connection using your Outlook e-mail client to the GreenGeeks mail server, Outlook will display an error message similar to the one below:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]“Your server does not support the connection encryption type you have specified.”[/ht_message]

To resolve this issue and allow Outlook to communicate securely to the GreenGeeks mail server using TLS 1.2, you will have to follow these instructions.

Install the KB3140245 Update

Before you start, you will need the KB3140245 patch required for your operating system. You can get it by going to the Microsoft Update Catalog.

Click the “Download” button for your OS. As you can see, this patch is needed for Windows 7, 8 and Server 2008 and 2012.
Download

Make sure you’re getting the correct file. You will see that Windows 7 has two available files. These are for 32 and 64-bit systems. Download the one that matches your version of Windows.

Once you download the file, install it.

download-install

However, you may already have this file if updates are current in Windows. It’s usually in the Optional section as it’s not necessarily needed to run the computer.

It’s probably a good idea to see if it’s already listed and update the file from Windows Updates.

Registry Editing Method 1: Using Easy Fix

If you don’t want to root around in the system’s registry, and I don’t blame you for not, you can always use the “Easy Fix” application. You can find this on Microsoft’s website, and it will do all the changes for you automatically.

Go to the Microsoft website and click “Download” under Easy Fix.
Easy Fix

You may have to scroll down the page a bit to see the download button.

Run the application and follow its instructions.

run application

Registry Editing Method 2: Editing The Registry

For this tutorial, we’ll edit the registry of Windows. Although this is a delicate process, it’s not overly difficulty. As long as you follow the instructions precisely, you’ll have nothing to worry about.

Open the Registry Editor

Click the Start button on the bottom left.

click start button

Click the option to “Run”. This will open a new small window with a text field.

run

Type regedit in the field and click, “OK.”
regedit

Adding the DWORD Value

Look for this entry in the Regedit screen:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp[/ht_message]

Regedit Entry

Create a DWORD value Called DefaultSecureProtocols.

create dword

Set the value of this to: 0xA00

set value

Now look for this entry:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp[/ht_message]

look entry

Create a DWORD value Called DefaultSecureProtocols.

create dword value

Set the value of this to: 0xA00

set value this

Look for this value in the registry:[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client[/ht_message]

value registry

Create DisabledByDefault DWORD and set the value to: 0.

set value 0

Reboot the Computer

Once your values are placed and saved in Regedit, reboot the computer. Your settings will be live once the system restarts.

Keep Your Email Secure

Any security is better than none at all. Using TLS helps by giving you a layer of protection to keep your data safe. It’s not only email fraud that will cost your business in the long run.

Do what you can to make your email harder to access by the criminal element.

3 thoughts on “How to Enable TLS 1.2 in Outlook (Windows 7)”

  1. I am trying this method but when I go to Schannel\protocols I only see SSL v2.0 listed. Any ideas as to why this is happening?

  2. TYVM! Saved my bacon!
    My hosting provider turned off TLS1.0/1.1 and one of my clients is using Windows Live Mail on Windows 7. The registry edits above (I had to add the TLS 1.2\Client keys) along with unchecking the old TLS protocols in Internet connection settings worked 100%

  3. tested this article on 3 computers. only on 1 worked. then I read more articles and figure it out.

    step 1 – make Windows update first . seems this is dependent mode then KB3140245 patch
    step 2 – make what is written in this article (KB3140245 + EasyFix)
    step 3 – add this into registry (then restart):

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    “DisabledByDefault”=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    “DisabledByDefault”=dword:00000000

    After that it work on the other 2 computers also.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.