Enable and Use TLS 1.3 Protocol to Send Email on Windows 10 and Windows 11

TLS is the successor of SSL, EASendMail supports SSL 3.0/TLS 1.0 - TLS 1.3 very well. In EASendMail, ConnectSTARTTLS doesn’t mean TLS encryption, it means STARTTLS command in SMTP protocol.

Send Email over TLS 1.3

You don’t have to set any property to enable TLS 1.3 encryption. If your server requires TLS 1.3 encryption, TLS 1.3 encryption is used automatically with ConnectSSLAuto, ConnectSTARTTLS or ConnectDirectSSL.

But you must set EnabledSslProtocols property to SslProtocols.None to let system use TLS 1.3 protocol automatically. For ActiveX version, you don’t have to set any property.

// add this line before calling SendMail method.
smtp.EnabledSslProtocols = SslProtocols.None;
smtp.SendMail(server, mail);

// You can use LastUsedSslProtocol to detect what TLS version is used.
Console.WriteLine(smtp.LastUsedSslProtocol.ToString());

Here are some online examples:

.NET framework:

ActiveX Object:

Enable TLS 1.3 on Windows 10

Add/merge the following registry keys to enable TLS 1.3

Put the following content to a file named Tls13.reg, right-click this file -> Merge -> Yes.

You can also download it from https://www.emailarchitect.net/webapp/download/tls13.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Enable TLS 1.3 on Windows 11

Windows 11 has enabled TLS 1.3 by default, you don’t have to do anything to enable TLS 1.3 on Windows 11.

Enable TLS Strong Encryption Algorithms in .NET 2.0 and .NET 4.0

Add/merge the following registry keys

Put the following content to a file named NetStrongEncrypt.reg, right-click this file -> Merge -> Yes. You can also download it from https://www.emailarchitect.net/webapp/download/NetStrongEncrypt.zip.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Appendix

Comments

If you have any comments or questions about above example codes, please click here to add your comments.