How to allow Outlook to connect over TLS 1.1/1.2

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.

September 10, 2019

By Jason Dobry

Learn the workaround for versions of Outlook not compatible with TLS 1.0.

Problem

Most web hosts have disabled the obsolete security protocol, TLS 1.0, and Microsoft Outlook requires v. 1.0 to connect on some versions of Windows. A 1.1/1.2-compliant version of Outlook will not be available until October 2018 at the earliest.

Preferred solution

To allow Outlook to connect TLS over 1.2 and retain PCI compliance, we recommend using IIS Crypto, a free tool from Nartac Software.

Alternative solution

This PCI-compliant solution allows Outlook to connect over TLS 1.1 and 1.2, but involves making changes to your Windows registry.

If you are uncomfortable changing your registry, or prefer an alternative, we recommend IIS Crypto, a free tool from Nartac Software.

ATTENTION: This solution requires Windows Server 2008 R2 or Windows 7, or newer, and administrative access.

ATTENTION: This solution has not been tested on all configurations and your results may vary. For additional options, see the Other resources section.

In the Windows Start menu, either in the RunBox or the SearchBox, type regedit and press Enter.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.
Under Protocols, add two new keys if not already present: TLS 1.1 and TLS 1.2 . To create a key, select Edit > New > Key from the main menu. Inside each key, add another key, Client .
For the client key under TLS 1.1, right-click on the right pane. Select New > DWORD (32-bit) Value.
Create a DWORD value called DisabledByDefault using the default value of 00000000.
Repeat Steps 4 - 5 for the client key under TLS 1.2.
Restart the machine and launch Outlook, which should now connect to a server running only TLS 1.1 or 1.2.