Overview
MailEssentials supports both Transport Layer Security (TLS) and Secure Sockets Layer (SSL) SMTP servers, both of which are widely used encryption protocols for secure email messaging.
As SSLv3 is vulnerable and not secure to use, it is recommended to enable TLS configuration on your Windows Server 2008 R2 and Internet Information Service (IIS) 7.5.
Enabling TLS Configuration on IIS/SMTP Server provides the procedure to enable TLS configuration directly from the Windows registry editor. This article provides a safer way to enable the same security protocols using a 3rd party tool known as IIS Crypto.
Solution
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019.
It also lets you reorder SSL/TLS cipher suites offered by IIS, change advanced settings, implement Best Practices with a single click, create custom templates, and test your web application.
Proceed to configure the desired Windows server security protocols by following these steps:
- Download IISCrypto.exe from https://www.nartac.com/Products/IISCrypto/
-
Run IISCrypto.exe
-
Configure the desired security protocols to be supported by the host by ticking the desired checkbox as shown below:
-
Apply and accept the prompt to reboot the server.
Confirmation
Verify that your server now supports TLS 1.2 protocol by following the below steps:
- Click the Windows button on the lower left-hand corner of your Desktop.
- Type "Internet Options" and select Internet Options from the list.
- Click on the Advanced tab and from there scroll down to the very bottom. Confirm that TLS 1.2 is checked.
You may also refer to this 3rd party online check to validate the SMTP TLS configuration: CheckTLS.com
Related Articles