The information contained here explains the process for configuring Microsoft Windows 7 workstation as well as Microsoft Outlook 2010 email clients, so that TLS (Transport Layer Security) protocol version 1.2 could be used by these.
Let us quickly touch upon a few important points before getting down to the nitty-gritty. These are as follows:
Only TLS protocol version 1.2 is supported in cPanel & WHM version 68. TLSv1.2 is enabled by default.
Only those applications are supported that use TLSv1.2. Hence, it is strongly recommended that TLSv1.2 is enabled on your server.
The instructions that will be mentioned here are for those servers that run Windows 7 OS (Operating System).
It is recommended that you do not adjust the settings for cipher and protocol for the Exim and Dovecot services on Windows 7. Due to unpatched security vulnerabilities that exist in Outlook 2007 and Outlook 2010, servers on this OS fail PCI compliance scans.
Before elaborating on the process regarding configuration, let us touch upon web servers, briefly, for the benefit of the readers.
Web Servers
Web Servers are a type of servers that store and process the files of websites. When these files are delivered to the Internet connected devices of users, then websites become accessible. Web servers are provided by web hosting companies through various web hosting plans. The service of web hosting is essential for websites to remain accessible, and up and running without any problem. Web hosting can be of many types, such as shared, reseller, VPS, dedicated, cloud, WordPress, etc. The most reputable web hosting companies are usually referred to as the “Best Windows Shared Hosting Company”, the “Best Linux Dedicated Hosting Company”, the “Top Cloud Hosting Company”, etc. depending on the type of web hosting service.
The Configuration Process
You need to follow the below-mentioned process sequentially in order to carry out the configuration successfully.
Install Windows Update
You need to download and then install the KB3140245 Windows update from the Microsoft Update Catalog. The registry key paths in which new registry keys will be created, are created by this update. These registry keys allow the enabling of TLSv1.2 on your server.
You must restart your computer after downloading and installing the update. This lets the changes take effect.
Add a Registry Key for Windows HTTP Services
You need to carry out the following steps for adding a registry key for Windows HTTP services:
Enter regedit.exe in the text box, Search, from the Windows Start menu.
Click regedit.exe to open the Registry Editor.
Navigate to the below-mentioned registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Select the WinHttp key.
Click Edit from the Menu bar.
Select New.
Click DWORD (32-bit) Value. On 64-bit systems, click QWORD (64-bit) Value.
Enter DefaultSecureProtocols as the name for the DWORD value.
Right-click the file, and then select Modify from the Context menu.
Enter A00 in the text box, Value Data.
Click OK.
It needs to be specifically mentioned here that if your workstation runs on a 64-bit system, then you need to carry out the steps from 7 to 11 that have been mentioned above, for the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
Add a Registry Key for the TLS Directories
For adding registry keys for TLS versions 1.1 and 1.2, you have to carry out the below-mentioned steps:
Navigate to the following registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1
Select the Client key.
Click Edit from the Menu bar.
Select New.
Click DWORD (32-bit) Value. On 64-bit systems, click QWORD (64-bit) Value.
Enter DisabledByDefault as the name for the DWORD value.
Right-click the file.
Select Modify from the Context menu.
Enter 0 in the text box, Value Data.
Click OK.
Navigate to the TLS1.2 registry path.
Open the Client key.
Repeat the steps from 2 to 9.
Click OK.
Apply the Settings
You need to restart your workstation after modifying your registry keys. Next, you should create a test email account in Microsoft Outlook, when your workstation restarts. Now you need to configure the below-mentioned settings in the Advanced section of Microsoft Outlook’s interface for Internet E-Mail Settings.
Enter 993 in the Incoming Server (IMAP) text box or enter 995 in the Incoming Server (POP3) text box.
Enter 465 in the Outgoing Server (SMTP) text box.
Click OK.
Now your Microsoft Outlook account will successfully connect to the mail services of your cPanel server.
Installation Scripts
There are two scripts that automatically perform the actions that have been described here.
You need to follow the below-mentioned steps in order to use those scripts.
You need to open the Windows PowerShell application.
Then you should navigate to the directory of your choice.
Create the install-kb.ps1 and tls-reg-edit.ps1 files.
Open the install-kb.ps1 file with a text editor.
Now you need to add certain information.
Next you have to open the tls-reg-edit.ps1 file with a text editor.
Here too you have to add certain information.
Run the scripts from the directory where you saved the files.
Restart your workstation for the changes to take effect.
Comments