Learn the workaround for versions of Outlook not compatible with TLS 1.0.
Most web hosts have disabled the obsolete security protocol, TLS 1.0, and Microsoft Outlook requires v. 1.0 to connect on some versions of Windows. A 1.1/1.2-compliant version of Outlook will not be available until October 2018 at the earliest.
To allow Outlook to connect TLS over 1.2 and retain PCI compliance, we recommend using IIS Crypto, a free tool from Nartac Software.
This PCI-compliant solution allows Outlook to connect over TLS 1.1 and 1.2, but involves making changes to your Windows registry.
If you are uncomfortable changing your registry, or prefer an alternative, we recommend IIS Crypto, a free tool from Nartac Software.
ATTENTION: This solution requires Windows Server 2008 R2 or Windows 7, or newer, and administrative access.
ATTENTION: This solution has not been tested on all configurations and your results may vary. For additional options, see the Other resources section.
- In the Windows Start menu, either in the RunBox or the SearchBox, type regedit and press Enter.
- Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.
- Under Protocols, add two new keys if not already present: TLS 1.1 and TLS 1.2 . To create a key, select Edit > New > Key from the main menu. Inside each key, add another key, Client .
- For the client key under TLS 1.1, right-click on the right pane. Select New > DWORD (32-bit) Value.
- Create a DWORD value called DisabledByDefault using the default value of 00000000.
- Repeat Steps 4 - 5 for the client key under TLS 1.2.
- Restart the machine and launch Outlook, which should now connect to a server running only TLS 1.1 or 1.2.
- IIS Crypto, by Nartac Software
- "Enabling TLS 1.1 and 1.2 in Outlook on Windows 7," Microsoft Technet
- "Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows," Microsoft Support Center