Enable and Use TLS 1.2 Protocol to Retrieve Email on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012/2016/2019¶

Retrieve Email over TLS 1.2¶

You don’t have to set any property to enable TLS 1.2 encryption. If your server requires TLS 1.2 encryption, TLS 1.2 encryption is used automatically.

Here are some online examples:

.NET framework:

• Retrieve Email over SSL/TLS in C#
• Retrieve Email over SSL/TLS in VB.NET
• Retrieve Email over SSL/TLS in C++/CLI

ActiveX Object:

• Retrieve Email over SSL/TLS in VB6.0/VBA/VBScript
• Retrieve Email over SSL/TLS in Delphi
• Retrieve Email over SSL/TLS in Visual C++

To enable TLS 1.2 on the following operating systems, you should install corresponding update/packages:¶

Enable TLS 1.2 on Windows XP 32bit (x86)¶

POSReady.reg

Put the following content to a file named POSReady.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/PosReady.zip.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

KB4019276

After you merged POSReady.reg, go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276. Download and Install "Update for WES09 and POSReady 2009 (KB4019276)".

More information: http://support.microsoft.com/kb/4019276

KB3081320

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=kb3081320 Download and Install "Security Update for WEPOS and POSReady 2009 (KB3081320)".

Add/merge the following registry keys to enable TLS 1.2

Put the following content to a file named Tls12.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.2 with IE 8.0 on Windows XP¶

To use WebBrowser Control + OAUTH/XOAUTH2 on Windows XP, you also need to enable TLS 1.2 in IE8 like this. If you don’t use Web OAUTH, please ignore this section.

KB4316682

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4316682. Download and install "Cumulative Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682)".

More information: http://support.microsoft.com/kb/4316682

KB4230450

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450. Download and install "Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4230450)".

After navigating the chain of registry keys, click the key TLS1.1/TLS1.2, in the right panel, right-click “OSVersion”, click Modify, enter the Value data shown above, click OK. (you must change “3.6.1.0.0” to “3.5.1.0.0”)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"="3.5.1.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"="3.5.1.0.0"

Open IE8, click Tools -> Internet Options -> ``Advanced tab, pull the thumb bar all the way down. You should see new checkbox options for "Use TLS 1.1" and "Use TLS 1.2". (KB4230450 will install these checkboxes, but they won’t work without KB4019276.) Uncheck "Use TLS 1.0" (insecure). Check "Use TLS 1.1" and "Use TLS 1.2". Click OK.

Enable TLS 1.2 with EWS protocol on Windows XP¶

EWS protocol uses Windows built-in WinHttp API, so you also need to to enable TLS 1.2 for WinHttp like this. If you don’t use EWS/Gmail Api protocol, please ignore this section.

KB4467770

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770, download and install "Update for WES09 and POSReady 2009 (KB4467770)".

More information: http://support.microsoft.com/kb/4467770

Add/merge the following registry keys to enable TLS 1.0/TLS 1.1/TLS 1.2 for WinHttp

Put the following content to a file named WinHttpTls12.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80

Enable TLS 1.2 on Windows 2008 SP2¶

KB4019276

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276. Download and Install "Update for Windows Server 2008 ... " (select your CPU architecture).

More information: http://support.microsoft.com/kb/4019276

Add/merge the following registry keys to enable TLS 1.2

Put the following content to a file named Tls12.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.2 Windows 7/2008 R2/2012/2012 R2¶

Add/merge the following registry keys to enable TLS 1.2

Put the following content to a file named Tls12.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.1/1.2 with EWS protocol on Windows 7/2008 SP2/2008 R2/2012/2012 R2¶

EWS protocol uses Windows built-in WinHttp API, so you also need to to enable TLS 1.2 for WinHttp like this. If you don’t use EWS/Gmail Api protocol, please ignore this section.

KB3140245

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245, download and install "Update for [OS] (KB3140245)".

More information: http://support.microsoft.com/kb/3140245

Add/merge the following registry keys to enable TLS 1.1/TLS 1.2 for WinHttp

Put the following content to a file named WinHttpTls12.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

Enable TLS Strong Encryption Algorithms in .NET 2.0 and .NET 4.0¶

Add/merge the following registry keys

Put the following content to a file named NetStrongEncrypt.reg, right-click this file -> Merge -> Yes. You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001