Nexcess Logo

How to allow Outlook to connect over TLS 1.1/1.2

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
September 10, 2019

Learn the workaround for versions of Outlook not compatible with TLS 1.0.

Problem

Most web hosts have disabled the obsolete security protocol, TLS 1.0, and Microsoft Outlook requires v. 1.0 to connect on some versions of Windows. A 1.1/1.2-compliant version of Outlook will not be available until October 2018 at the earliest.

Preferred solution

To allow Outlook to connect TLS over 1.2 and retain PCI compliance, we recommend using IIS Crypto, a free tool from Nartac Software.

Alternative solution

This PCI-compliant solution allows Outlook to connect over TLS 1.1 and 1.2, but involves making changes to your Windows registry. 

If you are uncomfortable changing your registry, or prefer an alternative, we recommend IIS Crypto, a free tool from Nartac Software.

ATTENTION: This solution requires Windows Server 2008 R2 or Windows 7, or newer, and administrative access.

ATTENTION: This solution has not been tested on all configurations and your results may vary. For additional options, see the Other resources section.

  1. In the Windows Start menu, either in the RunBox or the SearchBox, type regedit and press Enter.

  2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.
  3. Under Protocols, add two new keys if not already present: TLS 1.1 and TLS 1.2 . To create a key, select Edit > New > Key from the main menu. Inside each key, add another key, Client .
  4. For the client key under TLS 1.1, right-click on the right pane. Select New > DWORD (32-bit) Value.
  5. Create a DWORD value called DisabledByDefault using the default value of 00000000.
  6. Repeat Steps 4 - 5 for the client key under TLS 1.2.

  7. Restart the machine and launch Outlook, which should now connect to a server running only TLS 1.1 or 1.2.

Other resources


For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry
We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.