How to enable TLS 1.1 and TLS 1.2 on Windows 7 and deal with Outlook encryption type errors

Basically Windows 7 is end of life 2020. Some users insist on still using it or don’t want to pay for upgrades, because actually, IT help is in short supply and often so is money.

This leaves WHM system administrators to deal with obscure Outlook 2013 errors, such as the following:

“Send test e-mail message: Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.”

Spoiler Alert! Port 587 STARTTLS will not work. Port 465 SSL will not work.


Technically you could fix it on the WHM side but the Windows 7 client is severely outdated so it makes more sense to implement a workaround on that side.

The workaround is to enable TLS 1.1 and TLS 1.2 in the registry on Windows 7. That way, outgoing SMTP on port 587 STARTTLS will work.

When you’re done with this procedure, you’ll have the two extra keys below (SSL 2.0 should already be there):


The procedure is in regedit is:

For TLS 1.1

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0

You can use 32-bit DWORD.

For TLS 1.2

Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0

After doing both new keys, you have to restart Outlook for it to work.

Microsoft Article

Additional Reference

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top