Overview 

• GFI MailEssentials supports both, Transport Layer Security (TLS) and Secure Sockets Layer (SSL) SMTP servers.
• As SSLv3 is vulnerable and not secure to use, it is recommended to enable TLS configuration on your Windows Server 2008 R2 and Internet Information Service (IIS) 7.5.

Important Note: If you are unsure about securely performing the steps mentioned in this article, always make a backup before making any changes or reach out to GFI support for more help.

Process

Follow these steps to enable:

1. Take a backup of the registry before making any changes.
2. Enable TLS 1.2 on Windows by manually updating the registry files.
   
   1. Open registry on the server by running regedit in the run window.
   2. Navigate to the below location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
   3. Add the TLS 1.1 and TLS 1.2 keys under Protocols:
      1. Right-click Protocols,
      2. Select New > Key
      3. Name the key TLS 1.1
      4. Similarly, create another key with the name TLS 1.2
      
      
      
      
   4. Create two keys Client and Server under both TLS keys.
   5. Create the DWORD (32-bit) values under Server and Client key as follows:
      DisabledByDefault [Value = 0]
Enabled [Value = 1]

      
      

3. Disable TLS and SSL older versions:
   1. Open registry on your server by running regedit in the run window.
   2. Navigate to the below location:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
   3. Now change DWORD values under Server and Client under TLS 1.0, SSL 3.0, and older SSL version keys:
DisabledByDefault [Value = 0]
Enabled [Value = 0]
      
      
4. Reboot the server.
   
   
5. Verify that your server now supports TLS 1.2 protocol.

Additional Information