Questions? We're happy to help

  • Support
  • /What is TLS 1.2 and how do I use it?

What is TLS 1.2 and how do I use it?

When you use an e-mail client it is possible that you receive an error message:

  • This server does not support any authentication method that is supported by this client
  • The server does not support the encryption you specified for the connection. Use a different encryption method.
  • CFNetwork SSL Handshake failed

The cause of this is in nine out of ten cases the TLS version that is installed on the system on which you use the e-mail. In this article we explain what TLS (1.2) is and how you can resolve the error messages related to TLS1.2.

What is TLS?

TLS, or Transport Layer Security, is an encryption protocol. This protocol is used for securing web traffic. TLS versions 1.0 and 1.1 use cryptographic hashes, this security however was proven unsafe, so TLS1.2 has been developed. TLS1.2 uses SHA-256 and other techniques to increase security compared to the older TLS versions.

Supporting the TLS protocol is controlled by the operating system of your computer or mobile device in combination with the e-mail client. For example, the e-mail client Outlook 2016 in combination with Windows 10 does support TLS1.2, but e-mail client Outlook 2016 in combination with Windows 7 does not.

Why does Neostrada only support TLS1.2?

TLS versions 1.0 and 1.1 were declared End Of Life (EOL) on 30 June 2018. Neostrada has chosen to keep TLS1.1 in use for some time to give users the time to update their operating systems or switch to new e-mail clients. At the start of 2019, all Neostrada servers were migrated to the new platform. At the same time as this migration, the remaining outdated TLS versions were disabled.

How can I install or bypass TLS1.2?

The error in your e-mail client often has to do with an outdated operating system. It is therefore important that you update your operating system to enable TLS support, or use another e-mail client that has built in TLS1.2.

Operating system and mail client

If you use an operating system or e-mail client that is older than the version that we indicate in the following list, it does not support TLS version 1.2. It is therefore important that you update your software when you want to use e-mail.

  • Windows 8.1 or older. For an update we refer to the Microsoft website
  • Outlook 2013 or older. For an update we refer to the website of Outlook
  • Windows Live Mail (all versions as far as we know). For an update of Windows Live Mail you will need to update Windows, sadly since 2017 Windows Live Mails reach end Of Life status and doens't receive any updates
  • MacOS 10.13 (High Sierra) or older. For an update we refer to the Apple support page
  • Apple Mail 9.3 or older. For an update of the Apple Mail e-mail client you need to perform the MacOS update
  • Android KitKat (4.4) or older. For an update we refer to the phone manufacturer. Some versions newer than Android KitKat also do not support TLS version 1.2, if you experience this issue on newer devices we refer to the phone manufacturer.
  • iOS version 9 or older. For an update we refer to the Apple support page

Are you experiencing TLS issues on a device not mentioned in this list? Contact [email protected] to the attention of Knowledgebase TLS 1.2.

Mozilla Thunderbird

Updating an operating system is of course quite a hassle. Alternatively you can use the free e-mail client Mozilla Thunderbird. This client has built-in support for TLS version 1.2, so it is not highly dependant on the operating system. For more information about Mozilla Thunderbird we refer to the Thunderbird website.

Windows

Windows 7 and 8 do not support TLS version 1.2 by default, but this can be installed by making some changes in the Windows registry. An important stipulation is that if you use Windows 7, Service Pack 1 or higher is required for this guide to work.

Important: Making changes in the Windows Registry is a highly advanced method to install TLS versions that can cause irreparable damage to your computer. The following steps are at your own risk.

Step 1: Install the latest Windows update.

Step 2: Install KB3140245 through the Microsoft Update catalogue. Reboot your computer when this is done.

Step 3: Follow the steps from Microsoft concerning EasyFix. Reboot your computer when this is done.

Step 4: Open the Windows Start menu, and search Execute. Open this program.

Step 5: Enter Regedit and click Enter, you have now arrived in the Windows Registry.

Step 6: Search for this key, located under the Protocols key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols

In this key add the following two keys if they do not exist yet: TLS 1.1 & TLS 1.2

In these keys, add another key named Client. Give this key a DWORD with the value of 00000000

Step 7: Reboot your e-mail client (such as Outlook). You should now be able to send and receive e-mail on older Windows versions.

Does my Cloud VPS server support TLS1.2?

When you purchase a Cloud server from Neostrada with a Managed package, your Cloud is automatically updated. Clouds in combination with cPanel version 80 or higher only use TLS version 1.2. Although it is technically possible to re-enable the outdated, unsafe, TLS protocols. We do not recommend enabling the older TLS versions and do not provide support on this.

Are you using a Cloud, but you don't have automatic updates yet? Contact [email protected] to discuss the possibilities!
 

This knowledgebase article was last updated on: 15 October 2019

Did this article help you?

Contact

[email protected]

[email protected]

[email protected]

Status

Ga naar onze statuspagina voor een overzicht van recente storingen en onderhoud.

Opening hours

Maandag — vrijdag 9:00 — 17:00