SSL not working for Email clients like Outlook

Starting in cPanel version 68, it changed the default SSL protocols used for various system services to only use TLS 1.2.

This can cause some incompatibility with outdated operating systems and email clients such as Outlook on Windows 7, and Apple Mail on OS X 10.11 “El Capitan” and older as they do not support newer versions of TLS “out of the box”. TLS 1.2 support was not added to the Windows operating system by default until Windows 8.1 and Apple did not add full support until 10.12 “Sierra”.

TLS Changes in Version 68

While cPanel makes every effort to ensure our product is as secure as possible, this does mean older operating systems and mail clients will be affected.

Please keep in mind this is not a defect or an issue with cPanel, but an incompatibility with outdated client software. Updating the client software to support TLS 1.2 will help maintain overall security.

There are two options to help resolve the issues you are currently facing. Please note that Option 1 is the recommended solution.

1 – (RECOMMENDED)

The most straightforward way to resolve this issue is to either upgrade to a supported operating system, or utilize a mail client that uses modern security protocols.

Windows 8.1 and newer, as well as MacOS 11.12 “Sierra” and newer fully support the newer ciphers and protocols which will allow fully secure connections. In the case of Apple, they are providing free operating system updates and there would be no cost to your end-users. This is the preferred option as it increases the security of your user’s systems while keeping your system secure at the server level.

Other email clients such as the free and open-source Thunderbird client by the Mozilla foundation offer full support of modern TLS protocols, even on older machines running Windows 7 or OS X 10.11.

Installing this and using it to connect to your email server rather than Outlook should allow your clients to receive mail locally on their computers without having to use insecure methods. You can read more about and download Thunderbird from their website here:

https://www.mozilla.org/en-US/thunderbird/

2 – (NOT RECOMMENDED)

To enable TLS 1.2 for Windows 7, you will need to patch your system to modify the registry. Be sure your system is fully updated through the update center, then download and install the patch from Microsoft’s website here:

https://docs.microsoft.com/en-us/archive/blogs/schrimsher/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7

After the patch is installed, be sure to reboot your local computer to ensure the patch was applied. Once your system is back online, please try to connect to the cPanel server again.

Please note that this option is NOT available for Apple OSX computers.


Was this article helpful?

mood_bad Dislike 0
mood Like 1
visibility Views: 1055