Enable TLS 1.2 Encryption on Windows XP/2008/7/Windows 2008 R2

TLS is the successor of SSL, EASendMail supports SSL 3.0/TLS 1.0 - TLS 1.2 very well. In EASendMail, ConnectSTARTTLS doesn't mean TLS encryption, it means STARTTLS command in SMTP protocol.

You don't have to set any property to enable TLS 1.2 encryption. If your server requires TLS 1.2 encryption, TLS 1.2 encryption is used automatically with ConnectSSLAuto, ConnectSTARTTLS or ConnectDirectSSL.

To enable TLS 1.2 on some legacy systems, you need to install the following update/packages:

Windows XP/2003 32bit (x86)

• POSReady.reg

  Put the following POSReady text in POSReady.txt, rename to POSReady.reg, right-click Merge, Yes You can also download it from POSReady.reg.

  Windows Registry Editor Version 5.00 
  [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] 
  "Installed"=dword:00000001
  
  

• KB4019276

  After you merge POSReady.reg, go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276 Download and Install "Update for WES09 and POSReady 2009 (KB4019276)".

  More information: http://support.microsoft.com/kb/4019276

• Add/merge the following registry keys to enable TLS 1.1 and TLS 1.2

  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
  "DisabledByDefault"=dword:00000000
  
  

Windows 2008 SP2

• KB4019276

  After you merge POSReady.reg, go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276 Download and Install "Update for Windows Server 2008 ... " (select your CPU architecture).

  More information: http://support.microsoft.com/kb/4019276

• Add/merge the following registry keys to enable TLS 1.1 and TLS 1.2

  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
  "DisabledByDefault"=dword:00000000
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
  "DisabledByDefault"=dword:00000000
  
  

Windows 2008 R2/7

• Add/merge the following registry keys to enable TLS 1.1 and TLS 1.2

      Windows Registry Editor Version 5.00
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
      "DisabledByDefault"=dword:00000000
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
      "DisabledByDefault"=dword:00000000
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
      "DisabledByDefault"=dword:00000000
      
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
      "DisabledByDefault"=dword:00000000
      
  

Enable TLS 1.2 with IE 8.0 on Windows XP

To use WebBrowser Control + OAUTH/XOAUTH2 on Windows XP, you need to enable TLS 1.2 in IE8 like this:

• KB4316682

  Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4316682 Download and install "Cumulative Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682)"

  More information: http://support.microsoft.com/kb/4316682

• KB4230450

  Go to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450 Download and install "Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4230450)"

• After navigating the chain of registry keys, click the key TLS1.1/TLS1.2, in the right panel, right-click "OSVersion", click Modify, enter the Value data shown above, click OK. (you must change "3.6.1.0.0" to "3.5.1.0.0")

  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
  "OSVersion"="3.5.1.0.0"
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
  "OSVersion"="3.5.1.0.0"
              

• Open IE8, click Tools, Internet Options, Advanced tab, pull the thumb bar all the way down. You should see new checkbox options for "Use TLS 1.1", "Use TLS 1.2". (KB4230450 will install these checkboxes, but they won't work without KB4019276.) 11) Uncheck "Use TLS 1.0" (insecure). Check "Use TLS 1.1" and "Use TLS 1.2". Click OK.

Enable TLS 1.2 with EWS on Windows XP

• KB4467770

  Go to: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770 Download and install "Update for WES09 and POSReady 2009 (KB4467770)"

  More information: http://support.microsoft.com/kb/4467770

• Add/merge the following registry keys to enable TLS 1.0/TLS 1.1/TLS 1.2 for WinHttp

  Windows Registry Editor Version 5.00                
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
  "DefaultSecureProtocols"=dword:00000a80
  
  

Enable TLS 1.1/1.2 with EWS on Windows 7/2008 R2/2012/2012 R2

• KB3140245

  Go to: https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245 Download and install "Update for [OS] (KB3140245)"

  More information: http://support.microsoft.com/kb/3140245

• Add/merge the following registry keys to enable TLS 1.1/TLS 1.2 for WinHttp

  Windows Registry Editor Version 5.00                
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
  "DefaultSecureProtocols"=dword:00000a00
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
  "DefaultSecureProtocols"=dword:00000a00
  
  

Enable TLS Strong Encryption Algorithms in .NET 20 and .NET 4.0

• Add/merge the following registry keys

  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
  "SchUseStrongCrypto"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
  "SchUseStrongCrypto"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
  "SchUseStrongCrypto"=dword:00000001
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
  "SchUseStrongCrypto"=dword:00000001
      
  

Online Examples

Send Email over SSL/TLS - C#
Send Email over SSL/TLS - Visual Basic
Send Email over SSL/TLS - C++/CLI

Online Tutorial

Send Email over SSL/TLS in C#
Send Email using Gmail in C#
Send Email using Yahoo in C#
Send Email using Hotmail/Live in C#

Send Email over SSL/TLS in VB
Send Email using Gmail in VB
Send Email using Yahoo in VB
Send Email using Hotmail/Live in VB

Send Email over SSL/TLS in C++/CLI
Send Email using Gmail in C++/CLI
Send Email using Yahoo in C++/CLI
Send Email using Hotmail/Live in C++/CLI

See Also

Using EASendMail SMTP .NET Component
User Authentication and SSL Connection
Using Gmail SMTP OAUTH
Using Gmail/GSuite Service Account + SMTP OAUTH Authentication
Using Office365 EWS OAUTH
Using Office365 EWS OAUTH in Background Service
Using Hotmail SMTP OAUTH
From, ReplyTo, Sender and Return-Path
DomainKeys and DKIM Signature
Send E-mail Directly (Simulating SMTP server)
Work with EASendMail Service (Email Queuing)
Bulk Email Sender Guidelines
Process Bounced Email (Non-Delivery Report) and Email Tracking
EASendMail .NET Namespace References
EASendMail SMTP Component Samples