Registry settings to enable TLS v1.1 and TLS v1.2 support for EWS

In Kofax Import Connector, for EWS to send TLS v1.1 and TLS v1.2 confirming requests and messages to Microsoft Exchange server, modify/add specific registry keys for both client (Message Connector) and Exchange Server.

Initially, you must install the required .NET Framework 3.5.1 updates to enable TLS v1.1 and TLS v1.2. Use the appropriate links from the following table to upgrade .NET Framework for the applicable Operating System in use.

Operating System (Server/Client) Web link
Windows Server 2012 3154519
Windows 8.1 and Windows Server 2012 R2 3154520
Windows 10, version 1511 3156421
If the .NET Framework update is already installed or if the update is not required (in case a higher version of .NET Framework is already installed which support TLS v1.1 and TLS v1.2), following error is displayed The update is not applicable to your computer.

To enable TLS, do the following for:

Enable TLS v1.1 and TLS v1.2 for Message Connector

To enable TLS v1.1 on a computer where Message Connector is installed, add or modify the following registry sub keys.

Operating System type Registry path Sub key Type Description
64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
32-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client Enabled dword Set this sub key value to 1.

To enable TLS v1.2 on a computer where Message Connector is installed, add or modify the following registry sub keys.

Operating System type Registry path Sub key Type Description
64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
32-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 SystemDefaultTlsVersions dword Set this sub key value to 1
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client Enabled dword Set this sub key value to 1.

Enable TLS v1.1 and TLS v1.2 for Exchange Server

To enable TLS v1.1 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.

Operating System type Registry path Sub key Type Description
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client Enabled dword Set this sub key value to 1.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server Enabled dword Set this sub key value to 1.

To enable TLS v1.2 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.

Operating System type Registry path Sub key Type Description
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client Enabled dword Set this sub key value to 1.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server DisabledByDefault dword Set this sub key value to 0.
32-bit/64-bit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server Enabled dword Set this sub key value to 1.
  • Both server and client (Message Connector) sub keys must be enabled at Exchange Server. After enabling the keys, restart the computer.
  • To support this feature on Exchange Server 2013, install all the latest updates available for Exchange Server 2013. Additionally, for Exchange Server 2013, install the CU16 update. Also, it is recommended that latest updates for all exchange servers must be installed.