Version 1.0 of the TLS protocol is no longer considered secure. As such it needs to be disabled on servers that want to have PCI compliance. (Payment Card Industry Data Security Standards {PCI-DSS, or PCI for short} is a set of compliance regulations adopted by major financial institutions such as VISA, Mastercard, American Express, and Discover). Our Khimaira/GreenEarthHost servers are PCI compliant, which is why TLS 1.0 is not an option for users. Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today and is used for email, web browsers, and other applications that require data to be securely exchanged over a network. We are using TLS 1.2 as 1.1 has also been deprecated.
On older systems using Windows 7 and Windows 8.0, the applications built on WinHTTP (Windows HTTP Services) such as Outlook, Word, etc. only support TLS 1.0. As a result of this, if you try to establish a secure connection from your Outlook client to a Khimaira/GreenEarthHost server, Outlook will display an error message "your server does not support the connection encryption type you have specified".
If you want to continue using the older systems, in order to resolve this and allow your Outlook to communicate securely to the Khimaira/GreenEarthHost server using TLS 1.1 and TLS 1.2, you have to do the following:
- Install the Windows update KB3140245, either through Windows Update where it is available as an Optional Update, or download it from the Microsoft Update Catalog.
- Download the file MicrosoftEasyFix51044.msi from this page and install it on your computer.
The file is available for download in the section labeled Easy fix on the above-mentioned page toward the bottom. If the easy fix option is not suitable for you and you prefer to edit the registry of your computer manually, the article also provides that information in the section "How the Default Secure Protocols registry entry works".
Apply the settings.
After you modify your registry keys, you must restart your workstation to apply the registry settings. When your workstation restarts, create a test email account in Microsoft Outlook and configure the following settings in the Advanced section of Microsoft Outlook's Internet E-Mail Settings interface:
If using IMAP for your mail Enter 993 in the Incoming Server box
Enter 465 as the port for Outgoing Server (SMTP) text box
If using POP3 Enter 995 in the Incoming Server box
Enter 465 as the port for Outgoing Server (SMTP) text box
After you finish, click OK. Your Microsoft Outlook account should successfully connect to your server's mail services.