My issue with Database Mail not sending messages through TLS 1.2 has been fixed with reference to article https://www.itnota.com/enabling-tls-1-2-default-security-protocol-windows-servers/ referenced above (Thanks RyanW96). In my case, SQL Server 2014 sp3 is installed on a Windows 2019 Enterprise VM. In both cases, everything I read about TLS 1.2 said that my system should be able to send over TLS 1.2, but it was sending at TLS 1.0.
Adding the registry keys mentioned in this article in addition to adding a few other keys that were not present, Database mail is now sending through TLS 1.2. The keys I added are as follows (I had to add all of these keys since the only thing under SCHANNEL was SSL 2.0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security\Providers\SCHANNEL\Protocols\TLS 1.0\Server\ and \Client\
DWORD = DisableByDefault - set to 1
DWord = Enabled - set to 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security\Providers\SCHANNEL\Protocols\TLS 1.1\Server\ and \Client\
DWORD = DisableByDefault - set to 1
DWord = Enabled - set to 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Security\Providers\SCHANNEL\Protocols\TLS 1.2\Server\ and \Client\
DWORD = DisableByDefault - set to 0
DWord = Enabled - set to 1
Added DWORD keys as shown below:
HKey_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727
Added Dword - SystemDefualtTLSVersions - set to 1
Added Dword - SchUseStrongCrypto - set to 1
HKey_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v4.0.30319
Added Dword - SystemDefualtTLSVersions - set to 1
Added Dword - SchUseStrongCrypto - set to 1
Added DWORD keys as shown below (for 64-bit OS):
HKey_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727
Added Dword - SystemDefualtTLSVersions - set to 1
Added Dword - SchUseStrongCrypto - set to 1
HKey_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319
Added Dword - SystemDefualtTLSVersions - set to 1
Added Dword - SchUseStrongCrypto - set to 1
Added the following Keys and Dword (this key was not present)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InternetSettings\WinHTTP
DWORD = DefaultSecureProtocols - set to 800
Added the following Keys and Dword (for 64-bit OS)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\InternetSettings\WinHTTP
DWORD = DefaultSecureProtocols - set to 800
Reboot the SQL Server after adding all of these keys. Test using Database Mail.