Welcome > Advanced features > Registry settings to enable TLS v1.1 and TLS v1.2 support for EWS
In Kofax Import Connector, for EWS to send TLS v1.1 and TLS v1.2 confirmingrequests and messages to Microsoft Exchange server, modify/add specific registry keys for both client (Message Connector) and Exchange Server.
Initially, you must install the required .NET Framework 3.5.1 updates to enable TLS v1.1 and TLS v1.2. Use the appropriatelinks from the following table to upgrade .NET Framework for the applicable Operating System in use.
Operating System (Server/Client) | Web link |
---|---|
Windows Server 2012 | 3154519 |
Windows 8.1 and Windows Server 2012 R2 | 3154520 |
Windows 10, version 1511 | 3156421 |
Note If the .NET Framework update is already installed or if the update is not required (in case a higher version of .NETFramework is already installed which support TLS v1.1 and TLS v1.2), following error is displayed The update is not applicable to your computer.
To enable TLS, do the following for:
Enable TLS v1.1 and TLS v1.2 for Message Connector
To enable TLS v1.1 on a computer where Message Connector is installed, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | Enabled | dword | Set this sub key value to 1. |
To enable TLS v1.2 on a computer where Message Connector is installed, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | Enabled | dword | Set this sub key value to 1. |
Enable TLS v1.1 and TLS v1.2 for Exchange Server
To enable TLS v1.1 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | Enabled | dword | Set this sub key value to 1. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server | Enabled | dword | Set this sub key value to 1. |
To enable TLS v1.2 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | Enabled | dword | Set this sub key value to 1. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server | Enabled | dword | Set this sub key value to 1. |
Note
- Both server and client (Message Connector) sub keys must beenabled at Exchange Server. After enabling the keys, restart the computer.
-
To support this feature on Exchange Server 2013, install all the latest updates available for Exchange Server 2013. Additionally, for Exchange Server 2013, install the CU16 update. Also, it is recommended that latest updates for all exchange servers must be installed.