WHAT HAS CHANGED WITH THE DEPRECATION OF TLS 1.0 & 1.1?
On computers running Windows 7 & Windows 8.0, applications such as Outlook, Word, etc., only support TLS v1.0 & v1.1. Therefore, since our servers will not support these deprecated versions of TLS protocol, should a secure connection from a client such as Outlook to a Papaki server be attempted, the following error message will appear:
"Your server does not support the connection encryption type you have specified"
WHAT SHOULD YOU DO?
If the operating system you are using is Windows 7, we recommend that you upgrade to Windows 8.1 or 10, as Microsoft itself has stopped supporting them. Doing the upgrade does not require any of the following actions. Otherwise, if this is not possible, you will need to follow the steps described below.
STEPS TO ACTIVATE TLS v1.2 IN WINDOWS 7
If you are using Outlook and have Windows 7, you will need to enable TLS v1.2 by following these steps.
At first, it is necessary to install Windows update KB3140245. You can either install it through Windows Update where it is available as an Optional Update, or download it from the Microsoft Update Catalog.
Next you will need to download and install the MicrosoftEasyFix51044.msi file on your computer, which can be found here in the section labeled "Easy fix".
Alternatively, you can follow the instructions available on the section "How the DefaultSecureProtocols registry entry works" of the article mentioned above, in order to manually modify the registry entry of your computer.
1. Click on the Start button located on the status bar. In the search field type regedit and press Enter.
2. Click on the Yes button to allow the program to make changes on this computer
3. The Registry Editor windows will open.
4. In the left menu, follow the path below:
In the Protocols folder you will see the protocol that is enabled on your system. In our case it is SSL 2.0.
5. To enable TLS 1.2, right-click on the Protocols folder. Select New option >> Key.
6. Type the name TLS 1.2 and press Enter.
7. Then right-click on the folder named TLS 1.2 and select New >> Key.
8. Rename the new key with the name Client and press Enter.
9. Again right-click the Client key and this time select New >> DWORD Value (32-bit)
10. Rename the new value and type DisabledByDefault
11. Double click the DisabledByDefault and on the new window opens ensure that the Value data is set to 0 and the Base is Hexadecimal. Click OK.
12. Repeat the process by right-clicking on the Clients folder and creating another DWORD (32-bit) named Enabled.
13. Double click the Enabled and on the new window opens, ensure that the Value data is set to 0 and the Base is Hexadecimal. Click OK.
14. Once you’re done close the registry editor window and make sure to reboot your machine in order to make changes effective. After the reboot your system will be able to communicate with the TLS 1.2.
In Outlook you will need to make the following changes in the settings of your email account:
1. Once you start Outlook 2007, from the Tools menu select Accounts Settings.
2. Double-Click the E-mail account you would like to make the changes.
3. In the window that will open the following setting you should set.
Your Name: Type your name, eg. email@example.com
Email Address: Type you email address eg. firstname.lastname@example.org
Account Type: here you will see your account type (IMAP / POP3)
Incoming Mail Server: type the incoming mail server that corresponds to your account (eg linux12.papaki.gr - see below how you can find this value)
Outgoing Mail Server (SMTP): type the incoming mail server that corresponds to your account (eg linux12.papaki.gr - see below how you can find this value)
User Name: Enter your full email address eg email@example.com
Password: Fill in the password that corresponds to your email
NOTE: The value of Incoming & Outgoing Mail Server can be found upon connecting to your Plesk panel, it is appeared at the top of the screen, in the URL bar of your browser, eg linux12.papaki.gr. Caution, do not copy port 8443.
4. Click the More Settings button.
5. On the Advanced tab, you should fill the settings as follows:
Incoming Server: In the case of IMAP, set the secure port 993. In the case of POP3, set the secure port 995.
Use the following type of encrypted connection: choose SSL
Outgoing Server (SMTP): Set the secure port 465 or 587
- Use the following type of encrypted connection: In the case of 465 port, choose SSL. In case of 587 port, choose TLS.
6. Go to the Outgoing Server tab. Enable the option My outgoing server (SMTP) requires authentication and choose Use same settings as my incoming email server.
7. Click OK.
8. In the Internet E-mail Settings window that you will return, click the Next button.
9. Click the Finish button.