Enable and Use TLS 1.2 Protocol to Send Email on Windows XP/Vista/7/10/Windows 2008/2008 R2/2012/2016/2019

TLS is the successor of SSL. EASendMail supports SSL 3.0 and TLS 1.0 through TLS 1.2. In EASendMail, ConnectSTARTTLS doesn’t mean TLS encryption as such; it means the STARTTLS command of the SMTP protocol is used to upgrade the connection.

Send Email over TLS 1.2

You don’t have to set any property to enable TLS 1.2 encryption. If your server requires TLS 1.2 encryption, TLS 1.2 encryption is used automatically with ConnectSSLAuto, ConnectSTARTTLS or ConnectDirectSSL.
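To confirm that a server really negotiates TLS 1.2 in both connection styles described above, the following PowerShell check can be run from the machine that sends the mail. It is an added example, not EASendMail code; the host name `smtp.example.com`, the ports 465/587 and the function name `Test-SmtpTls12` are placeholder assumptions, and it requires PowerShell on .NET 4.5 or later.

```powershell
# Added example, not EASendMail code. Host name and ports are placeholders.
function Test-SmtpTls12 {
    param([string]$SmtpHost, [int]$Port, [switch]$StartTls)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($SmtpHost, $Port)
        $net = $client.GetStream()
        if ($StartTls) {
            # STARTTLS: plain-text SMTP first, then upgrade the same socket
            $reader = New-Object System.IO.StreamReader($net)
            $writer = New-Object System.IO.StreamWriter($net)
            $writer.NewLine = "`r`n"
            $writer.AutoFlush = $true
            # An SMTP reply ends with the line whose 4th character is not '-'
            $readReply = {
                do { $line = $reader.ReadLine() } while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
                $line
            }
            $null = & $readReply                 # 220 greeting
            $writer.WriteLine('EHLO tls-check.invalid')
            $null = & $readReply                 # 250 capability list
            $writer.WriteLine('STARTTLS')
            $reply = & $readReply
            if ($reply -notmatch '^220') { throw "STARTTLS refused: $reply" }
        }
        # Offer TLS 1.2 only: the handshake fails unless both this OS and
        # the server support it. Certificate validation stays at the default.
        $ssl = New-Object System.Net.Security.SslStream($net, $false)
        $ssl.AuthenticateAsClient($SmtpHost, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        '{0}:{1} negotiated {2}' -f $SmtpHost, $Port, $ssl.SslProtocol
    }
    catch {
        '{0}:{1} TLS 1.2 handshake failed: {2}' -f $SmtpHost, $Port, $_.Exception.Message
    }
    finally { $client.Close() }
}

Test-SmtpTls12 -SmtpHost 'smtp.example.com' -Port 465             # TLS from the first byte
Test-SmtpTls12 -SmtpHost 'smtp.example.com' -Port 587 -StartTls   # STARTTLS upgrade
```

A failure on an older Windows version before the updates and registry keys below are applied, followed by success afterwards, shows that the operating system rather than the server was the limiting side.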

Here are some online examples:

.NET framework:

ActiveX Object:

To enable TLS 1.2 on the following operating systems, you should install the corresponding updates/packages:

Note

If you’re using Windows 2016, Windows 10 or later version, you don’t need to install any updates.

Enable TLS 1.2 on Windows XP/2003 32bit (x86)

POSReady.reg

Put the following content into a file named POSReady.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/PosReady.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

KB4019276

After you have merged POSReady.reg, go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276. Download and install "Update for WES09 and POSReady 2009 (KB4019276)".

More information: http://support.microsoft.com/kb/4019276

KB3081320

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=kb3081320. Download and install "Security Update for WEPOS and POSReady 2009 (KB3081320)".

Add/merge the following registry keys to enable TLS 1.2

Put the following content into a file named Tls12.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.2 with IE 8.0 on Windows XP

To use WebBrowser Control + OAUTH/XOAUTH2 on Windows XP, you also need to enable TLS 1.2 in IE8 like this. If you don’t use Web OAUTH, please ignore this section.

KB4316682

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4316682. Download and install "Cumulative Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682)".

More information: http://support.microsoft.com/kb/4316682

KB4230450

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450. Download and install "Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4230450)".

After navigating the chain of registry keys, click the key TLS1.1/TLS1.2. In the right panel, right-click “OSVersion”, click Modify, enter the value data shown below, and click OK (you must change “3.6.1.0.0” to “3.5.1.0.0”).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"="3.5.1.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"="3.5.1.0.0"

Open IE8 and click Tools -> Internet Options -> Advanced tab, then scroll all the way down. You should see new checkbox options for "Use TLS 1.1" and "Use TLS 1.2". (KB4230450 installs these checkboxes, but they won’t work without KB4019276.) Uncheck "Use TLS 1.0" (insecure). Check "Use TLS 1.1" and "Use TLS 1.2". Click OK.

Enable TLS 1.2 with EWS protocol on Windows XP

The EWS protocol uses the Windows built-in WinHttp API, so you also need to enable TLS 1.2 for WinHttp like this. If you don’t use the EWS/Gmail API protocol, please ignore this section.

KB4467770

Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770, download and install "Update for WES09 and POSReady 2009 (KB4467770)".

More information: http://support.microsoft.com/kb/4467770

Add/merge the following registry keys to enable TLS 1.0/TLS 1.1/TLS 1.2 for WinHttp

Put the following content into a file named WinHttpTls12.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80

Enable TLS 1.2 on Windows 2008 SP2

KB4019276

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276. Download and Install "Update for Windows Server 2008 ... " (select your CPU architecture).

More information: http://support.microsoft.com/kb/4019276

Add/merge the following registry keys to enable TLS 1.2

Put the following content into a file named Tls12.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.2 on Windows 7/2008 R2/2012/2012 R2

Add/merge the following registry keys to enable TLS 1.2

Put the following content into a file named Tls12.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.1/1.2 with EWS protocol on Windows 7/2008 SP2/2008 R2/2012/2012 R2

The EWS protocol uses the Windows built-in WinHttp API, so you also need to enable TLS 1.2 for WinHttp like this. If you don’t use the EWS/Gmail API protocol, please ignore this section.

KB3140245

Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245, download and install "Update for [OS] (KB3140245)".

More information: http://support.microsoft.com/kb/3140245

Add/merge the following registry keys to enable TLS 1.1/TLS 1.2 for WinHttp

Put the following content into a file named WinHttpTls12.reg, then right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
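The two DefaultSecureProtocols values used on this page (00000a80 for Windows XP, 00000a00 here) are bitmasks of WinHTTP protocol flags. The following PowerShell check is an added example, not part of the original page: it decodes the value with the flag constants documented for this setting in KB3140245 and reads both registry views. The function name `ConvertFrom-SecureProtocols` is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. WinHTTP protocol flag values as documented in KB3140245.
$ProtocolBits = [ordered]@{
    'SSL 2.0' = 0x008; 'SSL 3.0' = 0x020
    'TLS 1.0' = 0x080; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}

# Return the names of all protocols whose bit is set in the DWORD value
function ConvertFrom-SecureProtocols([int]$Value) {
    $ProtocolBits.Keys | Where-Object { $Value -band $ProtocolBits[$_] }
}

# The two values used on this page
'0x{0:x3} = {1}' -f 0xa80, ((ConvertFrom-SecureProtocols 0xa80) -join ', ')
'0x{0:x3} = {1}' -f 0xa00, ((ConvertFrom-SecureProtocols 0xa00) -join ', ')

# Read back what is configured, in the native and the 32-bit (Wow6432Node) view
$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
foreach ($path in $paths) {
    $item = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "$path : DefaultSecureProtocols not set"
        continue
    }
    $enabled = @(ConvertFrom-SecureProtocols $item.DefaultSecureProtocols)
    if ($enabled -notcontains 'TLS 1.2') {
        $status = 'TLS 1.2 not enabled'
    } elseif ($enabled -match '^SSL|^TLS 1\.0') {
        $status = 'TLS 1.2 enabled, but a legacy protocol is still allowed'
    } else {
        $status = 'ok'
    }
    '{0} : 0x{1:x3} = {2} ({3})' -f $path, $item.DefaultSecureProtocols, ($enabled -join ', '), $status
}
```

The decode shows that 00000a80 allows TLS 1.0, TLS 1.1 and TLS 1.2, while 00000a00 allows only TLS 1.1 and TLS 1.2. A 32-bit process on 64-bit Windows reads the Wow6432Node copy, so both views need the value.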

Enable TLS Strong Encryption Algorithms in .NET 2.0 and .NET 4.0

Add/merge the following registry keys

Put the following content into a file named NetStrongEncrypt.reg, then right-click this file -> Merge -> Yes. You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
