TLS is the successor of SSL, EASendMail supports SSL 3.0/TLS 1.0 - TLS 1.2 very well. In EASendMail, ConnectSTARTTLS doesn’t mean TLS encryption, it means STARTTLS command in SMTP protocol.
You don’t have to set any property to enable TLS 1.2 encryption. If your server requires TLS 1.2 encryption, TLS 1.2 encryption is used automatically with ConnectSSLAuto, ConnectSTARTTLS or ConnectDirectSSL.
Here are some online examples:
.NET framework:
ActiveX Object:
Note
If you’re using Windows 2016, Windows 10 or later version, you don’t need to install any updates.
POSReady.reg
Put the following content to a file named POSReady.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/PosReady.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
KB4019276
After you merged POSReady.reg, go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276.
Download and Install "Update for WES09 and POSReady 2009 (KB4019276)"
.
More information: http://support.microsoft.com/kb/4019276
KB3081320
Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=kb3081320
Download and Install "Security Update for WEPOS and POSReady 2009 (KB3081320)"
.
Add/merge the following registry keys to enable TLS 1.2
Put the following content to a file named Tls12.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
To use WebBrowser Control + OAUTH/XOAUTH2 on Windows XP, you also need to enable TLS 1.2 in IE8 like this. If you don’t use Web OAUTH, please ignore this section.
KB4316682
Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4316682. Download and
install "Cumulative Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682)"
.
More information: http://support.microsoft.com/kb/4316682
KB4230450
Go to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450. Download and
install "Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4230450)"
.
After navigating the chain of registry keys, click the key TLS1.1/TLS1.2, in the right panel, right-click “OSVersion”, click Modify, enter the Value data shown above, click OK. (you must change “3.6.1.0.0” to “3.5.1.0.0”)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"="3.5.1.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"="3.5.1.0.0"
Open IE8, click Tools
-> Internet Options -> ``Advanced tab
, pull the thumb bar all the way down.
You should see new checkbox options for "Use TLS 1.1"
and "Use TLS 1.2"
.
(KB4230450
will install these checkboxes, but they won’t work without KB4019276
.)
Uncheck "Use TLS 1.0" (insecure)
. Check "Use TLS 1.1"
and "Use TLS 1.2"
. Click OK
.
EWS protocol uses Windows built-in WinHttp API, so you also need to to enable TLS 1.2 for WinHttp like this. If you don’t use EWS/Gmail Api protocol, please ignore this section.
KB4467770
Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770,
download and install "Update for WES09 and POSReady 2009 (KB4467770)"
.
More information: http://support.microsoft.com/kb/4467770
Add/merge the following registry keys to enable TLS 1.0/TLS 1.1/TLS 1.2 for WinHttp
Put the following content to a file named WinHttpTls12.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80
KB4019276
Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276. Download
and Install "Update for Windows Server 2008 ... "
(select your CPU architecture).
More information: http://support.microsoft.com/kb/4019276
Add/merge the following registry keys to enable TLS 1.2
Put the following content to a file named Tls12.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
Add/merge the following registry keys to enable TLS 1.2
Put the following content to a file named Tls12.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/tls12.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
EWS protocol uses Windows built-in WinHttp API, so you also need to to enable TLS 1.2 for WinHttp like this. If you don’t use EWS/Gmail Api protocol, please ignore this section.
KB3140245
Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245,
download and install "Update for [OS] (KB3140245)"
.
More information: http://support.microsoft.com/kb/3140245
Add/merge the following registry keys to enable TLS 1.1/TLS 1.2 for WinHttp
Put the following content to a file named WinHttpTls12.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/WinHttpTls12.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
Add/merge the following registry keys
Put the following content to a file named NetStrongEncrypt.reg
, right-click this file -> Merge
-> Yes
.
You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
Appendix
Comments
If you have any comments or questions about above example codes, please click here to add your comments.