New opt-in endpoint available for SMTP AUTH clients still needing legacy TLS

Published Aug 18 2021 02:11 AM 177K Views

Update (Feb 2022): We have started to disable TLS1.0 and TLS1.1 for the default SMTP AUTH endpoints. If you have clients that can’t use TLS1.2, they should be configured to use the opt-in legacy endpoint by now.

Exchange Online ended support for TLS1.0 and TLS1.1 in October 2020. We know that the push to meet our security and compliance requirements has made it difficult to support legacy clients and devices that use our service. A balance is needed in a shared service that hosts the emails of local bakeries as well as many countries’ governments.

While no longer supported, our servers still allow clients to use those older versions of TLS when connecting with Exchange Online. However, we have warned our customers that we can disable them at any time without further warning.

In 2022, we plan to disable those older TLS versions to secure our customers and meet compliance requirements. However, due to significant usage, we’ve created an opt-in endpoint that legacy clients can use with TLS1.0 and TLS1.1. This way, an organization is secured with TLS1.2 unless they specifically decide to opt for a less secure posture Note that only WW customers will be able to use this new endpoint. Customers in US Government clouds have higher security standards and will not be able to opt-in to use older versions of TLS.

To take advantage of this new endpoint, admins will have to:

  1. Set the AllowLegacyTLSClients parameter on the Set-TransportConfig cmdlet to True.
  2. Legacy clients and devices will need to be configured to submit using the new endpoint smtp-legacy.office365.com

While the change to stop support for TLS1.0 and TLS1.1 for the regular endpoint (smtp.office365.com) will happen in 2022, we’re giving our customers advanced notice to start configuring clients that they have not been able to upgrade or update to use TLS1.2. During the long effort to deprecate the legacy TLS versions, we have documented how to identify mailboxes that are still using them here: Investigating TLS usage for SMTP in Exchange Online.

For customers who would like to force the use of TLS1.2 early, they can do so by setting the AllowLegacyTLSClients parameter to False.

New submission error speedbump to be introduced

We are fully aware that many customers will not have noticed the multiple Message Center posts and blog posts, and are not aware of clients or devices that are still using TLS1.0 to submit messages. With this in mind, starting in September 2021, we will reject a small percentage of connections that use TLS1.0 for SMTP AUTH. Clients should retry as with any other temporary errors that can occur during submission. Over time we will increase the percentage of rejected connections, causing delays in sending that more and more customers should notice. The error will be:

421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls.

We intend to make a final announcement when we are ready to make the change to disable TLS1.0 and TLS1.1 for SMTP AUTH for the regular endpoint.

Additional documentation can be found here: Opt-in to Exchange Online endpoint for legacy TLS clients using SMTP AUTH

Exchange Transport Team

26 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2660775%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2660775%22%20slang%3D%22en-US%22%3E%3CP%3EPowershell%20commands%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAudit%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3EGet-TransportConfig%20%7C%20select%20AllowLegacyTLSClients%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3ETo%20disable%20legacy%20TLS%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3ESet-TransportConfig%20-AllowLegacyTLSClients%20%24false%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3ETo%20enable%20legacy%20TLS%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3ESet-TransportConfig%20-AllowLegacyTLSClients%20%24true%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2662523%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2662523%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20information%20about%20the%20alternate%20endpoint%20should%20be%20added%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsmtp_auth_tls%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fsmtp_auth_tls%3C%2FA%3E%26nbsp%3Bsince%20that's%20the%20error%20message%20they're%20going%20to%20see%20in%20the%20logs.%20Not%20all%20orgs%20will%20choose%20to%20enable%20it%2C%20but%20for%20those%20that%20do%2C%20having%20the%20endpoint%20name%20be%20available%20in%20the%20information%20page%20will%20help%20people%20who%20are%20trying%20to%20submit%20have%20an%20immediate%20action%20they%20can%20take%20to%20get%20mail%20flowing%20again.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2662747%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2662747%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BGreat%20info.%20Was%20actually%20doing%20this%20research%20today%20for%20a%20customer%20and%20wondered%20why%20SMTP%20AUTH%20Clients%20were%20using%20TLS%201.0%2F1.1%20still%20since%20I%20thought%20it%20already%20was%20disabled%20for%20all%20tenants%20-%20this%20explains%20why.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20we%20do%20see%20other%20accounts%20showing%20up%20accessing%20Exchange%20Online%20in%20the%20TLS%20Deprecation%20Report.%20I%20assume%20these%20are%20all%20the%20other%20protocols%20than%20just%20SMTP%20AUTH%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fservicetrust.microsoft.com%2FAdminPage%2FTlsDeprecationReport%2FDownload%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fservicetrust.microsoft.com%2FAdminPage%2FTlsDeprecationReport%2FDownload%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3ECare%20to%20comment%20if%20these%20also%20will%20be%20blocked%20in%202022%20or%20earlier%20without%20any%20further%20notice%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2669403%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2669403%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1131723%22%20target%3D%22_blank%22%3E%40devinganger%3C%2FA%3E%26nbsp%3BYes%2C%20we%20were%20waiting%20for%20this%20blog%20post%20to%20get%20published%20so%20that%20we%20could%20point%20it%20here.%20It%20has%20already%20been%20updated.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3BCorrect%2C%20that%20report%20shows%20other%20client%20protocols.%20We%20do%20not%20have%20anymore%20information%20about%20the%20other%20protocols%20but%20they%20will%20have%20also%20have%20TLS1.0%20and%20TLS1.1%20disabled.%20Customers%20should%20not%20be%20surprised%20when%20that%20happens.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2669595%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2669595%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F384127%22%20target%3D%22_blank%22%3E%40Sean_Stevenson%3C%2FA%3E%26nbsp%3B%40Awesome%2C%20thank%20you!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2728404%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2728404%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20alot%20of%20HP%20copiers%20that%20send%20via%20smtp%2C%20but%20I%20can't%20find%20anywhere%20how%20to%20change%20them%20to%20tls%201.2%26nbsp%3B%20It's%20good%20I%20could%20now%20change%20them%20to%20legacy%2C%20but%20would%20rather%20use%201.2%26nbsp%3B%20%26nbsp%3BDoes%20anyone%20know%20how%20to%20do%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2728816%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2728816%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1148834%22%20target%3D%22_blank%22%3E%40nick_lgl%3C%2FA%3E%26nbsp%3BSome%20printers%20might%20require%20an%20firmware%20update%20to%20get%20TLS%201.2%20support.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2659652%22%20slang%3D%22en-US%22%3ENew%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2659652%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%20Online%20ended%20support%20for%20TLS1.0%20and%20TLS1.1%20in%20October%202020.%20We%20know%20that%20the%20push%20to%20meet%20our%20security%20and%20compliance%20requirements%20has%20made%20it%20difficult%20to%20support%20legacy%20clients%20and%20devices%20that%20use%20our%20service.%20A%20balance%20is%20needed%20in%20a%20shared%20service%20that%20hosts%20the%20emails%20of%20local%20bakeries%20as%20well%20as%20many%20countries%E2%80%99%20governments.%3C%2FP%3E%0A%3CP%3EWhile%20no%20longer%20supported%2C%20our%20servers%20still%20allow%20clients%20to%20use%20those%20older%20versions%20of%20TLS%20when%20connecting%20with%20Exchange%20Online.%20However%2C%20we%20have%20warned%20our%20customers%20that%20we%20can%20disable%20them%20at%20any%20time%20without%20further%20warning.%3C%2FP%3E%0A%3CP%3EIn%202022%2C%20we%20plan%20to%20disable%20those%20older%20TLS%20versions%20to%20secure%20our%20customers%20and%20meet%20compliance%20requirements.%20However%2C%20due%20to%20significant%20usage%2C%20we%E2%80%99ve%20created%20an%20opt-in%20endpoint%20that%20legacy%20clients%20can%20use%20with%20TLS1.0%20and%20TLS1.1.%20This%20way%2C%20an%20organization%20is%20secured%20with%20TLS1.2%20unless%20they%20specifically%20decide%20to%20opt%20for%20a%20less%20secure%20posture%20Note%20that%20only%20WW%20customers%20will%20be%20able%20to%20use%20this%20new%20endpoint.%20Customers%20in%20US%20Government%20clouds%20have%20higher%20security%20standards%20and%20will%20not%20be%20able%20to%20opt-in%20to%20use%20older%20versions%20of%20TLS.%3C%2FP%3E%0A%3CP%3ETo%20take%20advantage%20of%20this%20new%20endpoint%2C%20admins%20will%20have%20to%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3ESet%20the%20%3CSTRONG%3EAllowLegacyTLSClients%3C%2FSTRONG%3E%20parameter%20on%20the%20%3CSTRONG%3ESet-TransportConfig%3C%2FSTRONG%3E%20cmdlet%20to%20True.%3C%2FLI%3E%0A%3CLI%3ELegacy%20clients%20and%20devices%20will%20need%20to%20be%20configured%20to%20submit%20using%20the%20new%20endpoint%20%3CSTRONG%3Esmtp-legacy.office365.com%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EWhile%20the%20change%20to%20stop%20support%20for%20TLS1.0%20and%20TLS1.1%20for%20the%20regular%20endpoint%20(smtp.office365.com)%20will%20happen%20in%202022%2C%20we%E2%80%99re%20giving%20our%20customers%20advanced%20notice%20to%20start%20configuring%20clients%20that%20they%20have%20not%20been%20able%20to%20upgrade%20or%20update%20to%20use%20TLS1.2.%20During%20the%20long%20effort%20to%20deprecate%20the%20legacy%20TLS%20versions%2C%20we%20have%20documented%20how%20to%20identify%20mailboxes%20that%20are%20still%20using%20them%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Finvestigating-tls-usage-for-smtp-in-exchange-online%2Fba-p%2F609278%22%20target%3D%22_blank%22%3EInvestigating%20TLS%20usage%20for%20SMTP%20in%20Exchange%20Online%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EFor%20customers%20who%20would%20like%20to%20force%20the%20use%20of%20TLS1.2%20early%2C%20they%20can%20do%20so%20by%20setting%20the%20%3CSTRONG%3EAllowLegacyTLSClients%3C%2FSTRONG%3E%20parameter%20to%20False.%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1416026058%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%20id%3D%22toc-hId-1416026089%22%3ENew%20submission%20error%20speedbump%20to%20be%20introduced%3C%2FH1%3E%0A%3CP%3EWe%20are%20fully%20aware%20that%20many%20customers%20will%20not%20have%20noticed%20the%20multiple%20Message%20Center%20posts%20and%20blog%20posts%2C%20and%20are%20not%20aware%20of%20clients%20or%20devices%20that%20are%20still%20using%20TLS1.0%20to%20submit%20messages.%20With%20this%20in%20mind%2C%20starting%20in%20September%202021%2C%20we%20will%20reject%20a%20small%20percentage%20of%20connections%20that%20use%20TLS1.0%20for%20SMTP%20AUTH.%20Clients%20should%20retry%20as%20with%20any%20other%20temporary%20errors%20that%20can%20occur%20during%20submission.%20Over%20time%20we%20will%20increase%20the%20percentage%20of%20rejected%20connections%2C%20causing%20delays%20in%20sending%20that%20more%20and%20more%20customers%20should%20notice.%20The%20error%20will%20be%3A%3C%2FP%3E%0A%3CP%20class%3D%22code%22%3E421%204.7.66%20TLS%201.0%20and%201.1%20are%20not%20supported.%20Please%20upgrade%2Fupdate%20your%20client%20to%20support%20TLS%201.2.%20Visit%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsmtp_auth_tls%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fsmtp_auth_tls%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3EWe%20intend%20to%20make%20a%20final%20announcement%20when%20we%20are%20ready%20to%20make%20the%20change%20to%20disable%20TLS1.0%20and%20TLS1.1%20for%20SMTP%20AUTH%20for%20the%20regular%20endpoint.%3C%2FP%3E%0A%3CP%3EAdditional%20documentation%20can%20be%20found%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fopt-in-exchange-online-endpoint-for-legacy-tls-using-smtp-auth%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOpt-in%20to%20Exchange%20Online%20endpoint%20for%20legacy%20TLS%20clients%20using%20SMTP%20AUTH%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EExchange%20Transport%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2659652%22%20slang%3D%22en-US%22%3E%3CP%3EDue%20to%20significant%20usage%2C%20we%E2%80%99ve%20created%20an%20opt-in%20endpoint%20that%20legacy%20clients%20can%20use%20with%20TLS1.0%20and%20TLS1.1%20in%20our%20shared%20service.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2659652%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETips%20'n%20Tricks%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Etransport%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2811804%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2811804%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1148834%22%20target%3D%22_blank%22%3E%40nick_lgl%3C%2FA%3E%26nbsp%3B%20the%20solution%20we%20used%20was%20install%20a%20smtp%20server%20on%20one%20of%20the%20windows%20machines%20(%20iis%20smtp%20)%20and%20use%20that%20as%20forwarder%20(%20config%20the%20smtp%20to%20only%20allow%20from%20certain%20ip%20addresses%20)%26nbsp%3B%20downside%20is%20a%20SPOF%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2855664%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2855664%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20TLS%20versions%20are%20now%20to%20be%20hardcoded%20how%20about%20MS%20update%20their%20articles%20that%20advise%20against%20it%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20recommendations%20are%20specifically%20against%20hard%20coding%20TLS%20versions%20in%20projects%20in%20this%20article%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdotnet%2Fframework%2Fnetwork-programming%2Ftls%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdotnet%2Fframework%2Fnetwork-programming%2Ftls%3C%2FA%3E%20..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22To%20ensure%20.NET%20Framework%20applications%20remain%20secure%2C%20the%20TLS%20version%20should%20not%20be%20hardcoded.%20.NET%20Framework%26nbsp%3Bapplications%20should%20use%20the%20TLS%20version%20the%20operating%20system%20(OS)%20supports.%22%3C%2FP%3E%3CP%3EAnd%20then.%3C%2FP%3E%3CP%3E%22Do%20not%20specify%20the%20TLS%20version.%20Configure%20your%20code%20to%20let%20the%20OS%20decide%20on%20the%20TLS%20version.%22%3C%2FP%3E%3CP%3EAnd%20then%26nbsp%3B%3C%2FP%3E%3CP%3E%22Perform%20a%20thorough%20code%20audit%20to%20verify%20you're%20not%20specifying%20a%20TLS%20or%20SSL%20version.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing%20this%20advise%20would%20have%20lead%20any%20developer%20not%20specifying%20the%20TLS%20version%20to%20have%20significant%20problems%20with%20the%20change%20initiated%20above%20hidden%20in%20messaging%20no%20one%20would%20have%20got%20to%20finding%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2855733%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2855733%22%20slang%3D%22en-US%22%3E%3CP%3EA%20couple%20more%20points%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%26nbsp%3BWhy%20make%20people%20Opt%20In%3F%26nbsp%3BWhy%20make%20it%20harder%20and%20more%20work%20for%20people%3C%2FP%3E%3CP%3ESurely%20if%20they%20connect%20to%20%3CSTRONG%3Elegacy-smtp.office365.com%3C%2FSTRONG%3E%20they%20wish%20to%20opt%20in%20!%3C%2FP%3E%3CP%3EPlease%20consider%20setting%20a%20default%20to%20save%20all%20the%20developers%20and%20businesses%20not%20given%20proper%20notice%20additional%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20You%20say%20that%20smtp.offfice365.com%20supports%20TLS%201.0%20and%20TLS%201.1%20until%202022.%3C%2FP%3E%3CP%3EThat%20is%20clearly%20not%20the%20case%20when%20you%20have%20specifically%20REJECT%20email%20requests%20coming%20to%20the%20service%20under%20those%20versions%20of%20TLS.%3C%2FP%3E%3CP%3EIf%20you%20actually%20supported%20it%20you%20would%20stop%20doing%20that.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2891722%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2891722%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3Bit%20looks%20like%20smtp-legacy%20is%20supporting%20TLS1.1%20but%20not%20TLS1.0%2C%20is%20this%20intentional%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.ssllabs.com%2Fssltest%2Fanalyze.html%3Fd%3Dsmtp-legacy.office365.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.ssllabs.com%2Fssltest%2Fanalyze.html%3Fd%3Dsmtp-legacy.office365.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22j_lia_0-1635353421614.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F320486i2E21D2135BD21CFF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22j_lia_0-1635353421614.png%22%20alt%3D%22j_lia_0-1635353421614.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20also%20appears%20that%20the%20failure%20rate%20you%20describe%20here%20went%20to%20100%25%20starting%20yesterday%20for%20TLS%201.0%3A%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CSPAN%3EWith%20this%20in%20mind%2C%20starting%20in%20September%202021%2C%20we%20will%20reject%20a%20small%20percentage%20of%20connections%20that%20use%20TLS1.0%20for%20SMTP%20AUTH.%20Clients%20should%20retry%20as%20with%20any%20other%20temporary%20errors%20that%20can%20occur%20during%20submission.%20Over%20time%20we%20will%20increase%20the%20percentage%20of%20rejected%20connections%2C%20causing%20delays%20in%20sending%20that%20more%20and%20more%20customers%20should%20notice.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2892980%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2892980%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can%20tell%20you%20what%20a%20support%20team%20told%20me%20but%20that%20is%20not%20consistent%20with%20what%20is%20happening%20in%20practise.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20Legacy%20is%20meant%20to%20support%201.1%20and%201.0%20exclusively%20-%20it%20has%20been%20designed%20to%20reject%201.2%20requests.%3C%2FP%3E%3CP%3E-%20Legacy%20in%20practise%20has%20a%20high%20failure%20rate%20I%20was%20told%20because%20it%20was%20rejecting%201.2%20traffic.%20In%20practise%20that%20wasnt%20what%20I%20found%20like%20you%20it%20was%20rejecting%20other%20TLS%20requests%20much%20like%20the%20smtp%20service%20was.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20while%20they%20suggest%20they%20support%201.1%20and%201.0%20in%20smtp.office365.com%20-%20you%20cant%20use%20it%20given%20the%20high%20failure%20rate%3C%2FP%3E%3CP%3ESo%20while%20they%20suggest%20legacy%20as%20a%20workaround%20-%20you%20cannot%20use%20it%20either%20because%20of%20the%20high%20failure%20rate%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20always%20followed%20MS%20best%20practise%20outline%20here%26nbsp%3B%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fdotnet%252Fframework%252Fnetwork-programming%252Ftls%26amp%3Bdata%3D04%257C01%257Cv-swirnk%2540microsoft.com%257Cf99bcfb375314037684508d99420f262%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637703694490058954%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%26amp%3Bsdata%3DxJbnadBC4MKCaz0L3AkWsmfokox%252FxKoZ%252BHpIwffBulo%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdotnet%2Fframework%2Fnetwork-programming%2Ftls%3C%2FSPAN%3E%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CI%3E%3CSPAN%3E%22To%20ensure%20.NET%20Framework%20applications%20remain%20secure%2C%20the%20TLS%20version%20should%20not%20be%20hardcoded.%20.NET%20Framework%26nbsp%3Bapplications%20should%20use%20the%20TLS%20version%20the%20operating%20system%20(OS)%20supports.%22%3C%2FSPAN%3E%3C%2FI%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20And%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CI%3E%3CSPAN%3E%22Do%20not%20specify%20the%20TLS%20version.%20Configure%20your%20code%20to%20let%20the%20OS%20decide%20on%20the%20TLS%20version.%22%3C%2FSPAN%3E%3C%2FI%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20And%20then%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CI%3E%3CSPAN%3E%22Perform%20a%20thorough%20code%20audit%20to%20verify%20you're%20not%20specifying%20a%20TLS%20or%20SSL%20version.%22%3C%2FSPAN%3E%3C%2FI%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20while%20they%20suggest%20the%20OS%20and%20the%20SMTP%20Server%20determine%20and%20use%20the%20highest%20version%20of%20TLS%20.12%20available%20that%20just%20isnt%20true.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAll%20our%20testing%20showed%20the%20same%20code%20on%20the%20same%20OS%20jumped%20between%201.0%20and%201.2.%20This%20left%20us%20with%20a%20real%20problem%20because%20we%20couldnt%20use%20SMTP%20or%20Legacy.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20article%20includes%20details%20on%20how%20to%20set%20TLS%20Versions%20and%20String%20Crypto%20registry%20keys.%20we%20have%20had%20to%20apply%20them%20any%20any%20client%20workstation.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fconfigmgr%2Fcore%2Fplan-design%2Fsecurity%2Fenable-tls-1-2-client%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fconfigmgr%2Fcore%2Fplan-design%2Fsecurity%2Fenable-tls-1-2-client%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20seems%20to%20path%20the%20OS%20and%20ensure%20it%20consistently%20uses%20TLS%201.2%20-%20where%20prior%20to%20loading%20there%20was%20no%20certainly%20on%20what%20the%20clinet%20.NET%20framework%20and%20the%20destination%20office365%20server%20wanted%20to%20use.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3056211%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3056211%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20say%20this%20is%20going%20live%20in%202022%2C%20have%20we%20got%20a%20more%20precise%20timeline%20for%20this%3F%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20seems%20like%20we're%20experiencing%20this%20Speedbump.%3CBR%20%2F%3EWe%20first%20experienced%20this%20October%2C%20then%20it%20stopped%20for%20seemingly%202%20months%20before%20resuming%20Mid-Decemember%20to%20now.%3CBR%20%2F%3E%3CBR%20%2F%3EUpgrading%20one%20of%20our%20projects%20to%20use%20.NET%204.7%2C%20where%20the%20TLS%20default%20version%20is%20TLS%201.2%2C%20fixed%20the%20issue%20immediately.%3CBR%20%2F%3EHowever%2C%20we%20obviously%20won't%20have%20this%20luxury%20for%20all%20our%20projects.%20Would%20be%20good%20to%20know%20how%20long%20we%20have%20before%20it%20goes%20from%20approx%2050%25%20to%20100%25%20failure!%3CBR%20%2F%3E%3CBR%20%2F%3ECheers%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3056881%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3056881%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1271021%22%20target%3D%22_blank%22%3E%40RyanW96%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elookup%20the%20reg%20keys%20for%20tls%201.2%3C%2FP%3E%3CP%3Eand%20the%20SchUseStrongCrypto%20reg%20entry%3C%2FP%3E%3CP%3EWith%20this%20change%20our%20application%20was%20able%20to%20use%20TLS%201.2%20connections%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3060570%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3060570%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20that.%20Quite%20a%20few%20ways%20to%20set%20this%20up%20it%20seems.%20Hardcoding%20is%20another%20option%20if%20all%20fails%3B%20something%20we've%20seen%20commonly%20with%20say%20Paypal%20IPN.%20Not%20the%20recommended%20practice%20but%20a%20practical%20solution%20if%20you%20need%20one.%20Useful%20if%20you%20can't%20upgrade%20.NET%20or%20apply%20registry%20changes.%3CBR%20%2F%3E%3CBR%20%2F%3EWe're%20ready%20to%20go%20on%20our%20end%3B%20though%20still%20a%20few%20unanswered%20questions%20and%20greviances%3A%3CBR%20%2F%3EA)%20Just%20out%20of%20curiousity%20sakes%2C%20has%20anyone%20actually%20ever%20gotten%20this%20supposed%20error%2C%20where%20was%20it%20supposed%20to%20be%20read%3A%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3E421%204.7.66%20TLS%201.0%20and%201.1%20are%20not%20supported.%20Please%20upgrade%2Fupdate%20your%20client%20to%20support%20TLS%201.2.%20Visit%20https%3A%2F%2Faka.ms%2Fsmtp_auth_tls.%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3EWe%20tested%20Telnet%2C%20OpenSSL%2C%20Powershell%20.net%20smtpclient%20and%20the%20live%20site%20.net%20smtpclient%20and%20neither%20error%20we%20recevied%20was%20like%20this%20at%20all.%20The%20account%20in%20question%20doesn't%20get%20this%20error%20since%20it's%20rejected%20before%20it%20even%20gets%20to%20that%20point.%20The%20error%20we%20saw%20was%20simply%20a%20generic%20%22Failure%20sending%20email%22%20so%20it%20took%20us%20a%20while%20to%20get%20to%20the%20bottom%20of%20the%20issue%20of%20our%20own%20accord.%3CBR%20%2F%3E%3CBR%20%2F%3EB)%20Still%20need%20a%20timeline%20or%20an%20update%20on%20when%20this%20is%20expected%20to%20go%20live.%20Would%20also%20be%20nice%20to%20have%20some%20transparency%20to%20understand%20the%20schedule%20and%20intensity%20of%20the%20%22Speedbump%22.%20Microsoft%20are%20aware%20this%20is%20having%20a%20tangible%20impact%20on%20the%20livelihood%20of%20businesses%20and%20clients'%20live%20sites%2C%20correct%3F%20So%20it'd%20be%20nice%20to%20know%20what%20to%20expect%20from%20this%20%22Speedbump%22%20beforehand%2C%20is%20it%2020%25%20of%20all%20emails%2C%20is%20it%20more%2C%20is%20it%20running%20on%20a%20timeframe%3F%20Why%20did%20we%20have%202%20months%20of%20no%20issues%20for%20instance%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3062085%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3062085%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20only%20place%20were%20are%20seeing%20issues%20with%20mail%20going%20out%20through%20TLS%201.0%20is%20on%20our%20SQL%20Server%20through%20database%20mail.%26nbsp%3B%20We%20are%20currently%20running%20SQL%20Server%202014%20sp3%20on%20a%20Windows%20Server%202019%20VM.%26nbsp%3B%20Does%20anyone%20know%20if%20upgrading%20to%20SQL%20Server%202016%20will%20fix%20the%20issue%20with%20database%20mail%20and%20send%20using%20TLS%201.2%3F%20I%20have%20applied%20all%20registry%20settings%20recommended%20to%20get%20TLS%201.2%20to%20work%20and%20nothing%20has%20worked.%26nbsp%3B%20Our%20mail%20is%20Microsoft%20365%20through%20Rackspace%2C%20Inc.%26nbsp%3B%20I%20do%20not%20have%20the%20rights%20to%20make%20changes%20through%20Exchange%20powershell%2C%20so%20not%20sure%20using%20the%20legacy%20smtp%20server%20would%20even%20work%20for%20us.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3067079%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3067079%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20also%20having%20an%20issue%20with%20database%20mail.%20we%20are%20on%20SQL%20server%202012%20R2%2C%20the%20latest%20.net%20version%20and%20nothing%20we%20do%20will%20fix%20the%20issue.%26nbsp%3B%20We%20have%20a%20support%20ticket%20with%20Microsoft%20and%20they%20are%20telling%20us%20to%20install%20SP4%20for%20SQL%202012%20R2.%26nbsp%3B%20Any%20insight%20or%20help%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3067163%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3067163%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1281699%22%20target%3D%22_blank%22%3E%40davies217%3C%2FA%3ESounds%20like%20you%20don't%20have%20much%20choice%20but%20to%20install%20the%20Service%20Pack%204%20then%20as%20recommended.%20Out%20the%20box%2C%20SQL%20Server%202012%20R2%20does%20not%20support%20TLS%201.2.%20SP4%20enables%20support%20for%20it.%20Use%20this%20for%20reference%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1276108%22%20target%3D%22_blank%22%3E%40DNewb860%3C%2FA%3E%26nbsp%3BSQL%20Server%202014%20SP3%20should%20already%20have%20TLS%201.2%20capabilities%2C%20something%20else%20must%20be%20broken.%20If%20all%20else%20fails%2C%20then%20an%20upgrade%20to%20SQL%20Server%202016%20will%20have%20TLS%201.2%20built%20in%20support.%20My%20only%20question%20would%20to%20what%20you%20actually%20done%20to%20the%20registry.%20Compare%20what%20you%20did%20to%20this%20guide%20as%20the%20Microsoft%20guides%20are%20lacking%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3070766%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3070766%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20issue%20with%20Database%20Mail%20not%20sending%20messages%20through%20TLS%201.2%20has%20been%20fixed%20with%20reference%20to%20article%26nbsp%3B%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%3C%2FA%3E%26nbsp%3Breferenced%20above%20(Thanks%20RyanW96).%26nbsp%3B%20In%20my%20case%2C%20SQL%20Server%202014%20sp3%20is%20installed%20on%20a%20Windows%202019%20Enterprise%20VM.%26nbsp%3B%20In%20both%20cases%2C%20everything%20I%20read%20about%20TLS%201.2%20said%20that%20my%20system%20should%20be%20able%20to%20send%20over%20TLS%201.2%2C%20but%20it%20was%20sending%20at%20TLS%201.0.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdding%20the%20registry%20keys%20mentioned%20in%20this%20article%20in%20addition%20to%20adding%20a%20few%20other%20keys%20that%20were%20not%20present%2C%20Database%20mail%20is%20now%20sending%20through%20TLS%201.2.%26nbsp%3B%20The%20keys%20I%20added%20are%20as%20follows%20(I%20had%20to%20add%20all%20of%20these%20keys%20since%20the%20only%20thing%20under%20SCHANNEL%20was%20SSL%202.0%3A%3C%2FP%3E%3CP%3EHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurity%5CProviders%5CSCHANNEL%5CProtocols%5CTLS%201.0%5CServer%5C%20and%20%5CClient%5C%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BDWORD%20%3D%20DisableByDefault%20-%20set%20to%201%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20DWord%20%3D%20Enabled%20-%20set%20to%201%3C%2FP%3E%3CP%3EHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurity%5CProviders%5CSCHANNEL%5CProtocols%5CTLS%201.1%5CServer%5C%20and%20%5CClient%5C%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BDWORD%20%3D%20DisableByDefault%20-%20set%20to%201%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20DWord%20%3D%20Enabled%20-%20set%20to%201%3C%2FP%3E%3CP%3EHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurity%5CProviders%5CSCHANNEL%5CProtocols%5CTLS%201.2%5CServer%5C%20and%20%5CClient%5C%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BDWORD%20%3D%20DisableByDefault%20-%20set%20to%200%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20DWord%20%3D%20Enabled%20-%20set%20to%201%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdded%20DWORD%20keys%20as%20shown%20below%3A%3C%2FP%3E%3CP%3EHKey_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5C.NetFramework%5Cv2.0.50727%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SystemDefualtTLSVersions%20-%20set%20to%201%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SchUseStrongCrypto%20-%20set%20to%201%3C%2FP%3E%3CP%3EHKey_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5C.NetFramework%5Cv4.0.30319%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SystemDefualtTLSVersions%20-%20set%20to%201%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SchUseStrongCrypto%20-%20set%20to%201%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdded%20DWORD%20keys%20as%20shown%20below%20(for%2064-bit%20OS)%3A%3C%2FP%3E%3CP%3EHKey_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5C.NetFramework%5Cv2.0.50727%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SystemDefualtTLSVersions%20-%20set%20to%201%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SchUseStrongCrypto%20-%20set%20to%201%3C%2FP%3E%3CP%3EHKey_LOCAL_MACHINE%5CSOFTWARE%5CWOW6432Node%5CMicrosoft%5C.NetFramework%5Cv4.0.30319%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SystemDefualtTLSVersions%20-%20set%20to%201%3C%2FP%3E%3CP%3EAdded%20Dword%20-%20SchUseStrongCrypto%20-%20set%20to%201%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdded%20the%20following%20Keys%20and%20Dword%20(this%20key%20was%20not%20present)%3C%2FP%3E%3CP%3EHKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternetSettings%5CWinHTTP%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BDWORD%20%3D%20DefaultSecureProtocols%20-%20set%20to%20800%3C%2FP%3E%3CP%3EAdded%20the%20following%20Keys%20and%20Dword%20(for%2064-bit%20OS)%3C%2FP%3E%3CP%3EHKEY_LOCAL_MACHINE%5CSOFTWARE%5CWOW6432Node%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternetSettings%5CWinHTTP%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BDWORD%20%3D%20DefaultSecureProtocols%20-%20set%20to%20800%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReboot%20the%20SQL%20Server%20after%20adding%20all%20of%20these%20keys.%26nbsp%3B%20Test%20using%20Database%20Mail.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3071280%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3071280%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20updated%20to%20SQL%202012%20SP4%20and%20still%20no%20luck%20after%20changing%20registry%20below%20and%20rebooting.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Viktor%2C%3C%2FP%3E%3CP%3EAs%20per%20instruction%20received%20we%20upgrade%20our%20SQL%20version%20as%20below%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20SQL%20Server%202012%20(SP4)%20(KB4018073)%20-%2011.0.7001.0%20(X64)%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Aug%2015%202017%2010%3A23%3A29%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Copyright%20(c)%20Microsoft%20Corporation%3C%2FP%3E%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Enterprise%20Edition%20(64-bit)%20on%20Windows%20NT%206.3%20%3CX64%3E%20(Build%209600%3A%20)%20(Hypervisor)%3C%2FX64%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBelow%20are%20the%20registry%20key%20which%20disables%20TLS%20older%20version%20on%20server%20and%20enable%20TLS%201.2%20by%20default.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22davies217_0-1643110268956.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F342240i6616E993EC8FCA94%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22davies217_0-1643110268956.jpeg%22%20alt%3D%22davies217_0-1643110268956.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22davies217_1-1643110268959.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F342241iEDA88FAC4EE695CD%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22davies217_1-1643110268959.jpeg%22%20alt%3D%22davies217_1-1643110268959.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22davies217_2-1643110268965.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F342242i63C1A9256739C607%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22davies217_2-1643110268965.png%22%20alt%3D%22davies217_2-1643110268965.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20still%20having%20the%20below%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMessage%20%3A%20%E2%80%9CThe%20mail%20could%20not%20be%20sent%20to%20the%20recipients%20because%20of%20the%20mail%20server%20failure.%20(Sending%20Mail%20using%20Account%204%20(2022-01-24T23%3A26%3A09).%20Exception%20Message%3A%20Cannot%20send%20mails%20to%20mail%20server.%20(Failure%20sending%20mail.).%E2%80%9D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22davies217_3-1643110269010.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F342243i77210678BBE38EEF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22davies217_3-1643110269010.png%22%20alt%3D%22davies217_3-1643110269010.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3090857%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3090857%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20note%20that%20the%20disabling%20of%20TLS1.0%20and%20TLS1.1%20for%20the%20standard%20endpoints%20has%20commenced.%20Anyone%20not%20opt-ed%20in%20to%20the%20legacy%20endpoint%20and%20still%20using%20those%20versions%20will%20be%20unable%20to%20submit%20messages%20when%20the%20change%20reaches%20their%20tenant.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3105902%22%20slang%3D%22fr-FR%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3105902%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%20all%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20scheduled%20task%20which%20execute%20a%20PS%20script%20running%20on%20my%20DC%20in%20order%20to%20send%20export%20file%20by%20email%20using%20one%20of%20my%20365%20email%20account.%3C%2FP%3E%3CP%3EI%20use%20the%20command%20Send-MailMessage%2C%20the%20smtp%20server%20is%20smtp.office365.com%20and%20port%20is%20587.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESince%20December%20I%20must%20execute%20manually%20the%20script%20several%20times%20before%20it%20sends%20the%20email.%3C%2FP%3E%3CP%3EThe%20most%20part%20of%20time%20I%20have%20this%20error%20%3A%20Send-MailMessage%3A%20Unable%20to%20read%20data%20from%20the%20transport%20connection%3A%20net_io_connectionclosed%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20created%20the%20registry%20keys%20TLS%201.2%20Client%2FServer%20whith%20DWORD%20but%20it%20doesn't%20change%20anything.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20an%20idea%20%3F%3C%2FP%3E%3CP%3EHow%20to%20be%20sure%20that%20TLS%201.2%20is%20used%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3106001%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3106001%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1294940%22%20target%3D%22_blank%22%3E%40Richard170%3C%2FA%3EYour%20circumstance%20is%20quite%20similar%20to%20our%20own%2C%20so%20highly%20recommend%20you%20read%20%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3EDNewb860's%3C%2FSPAN%3E%20%3C%2FSPAN%3Eresponse%20above%20if%20stuck.%20There's%20a%20lot%20more%20registry%20keys%20in%20addition%20to%20just%20setting%20up%20the%20TLS%201.2%20Client%2FServer.%20You%20also%20have%20to%20disable%20the%20previous%20TLS%20versions%20and%20then%20make%20sure%20to%20update%20the%20older%20.net%20frameworks%20so%20they%20target%201.2%20by%20default.%20(I%20suspect%20the%20latter%20might%20be%20what's%20tripping%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1281699%22%20target%3D%22_blank%22%3E%40davies217%3C%2FA%3E%20up%2C%20as%20they've%20done%20everything%20else%20up%20to%20this%20point)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.itnota.com%2Fenabling-tls-1-2-default-security-protocol-windows-servers%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EFollowing%20this%20article%20was%20enough%20for%20our%20servers%20to%20get%20set-up%20so%20try%20this%20as%20a%20starter%20otherwise%20DNewb860%20had%20a%20few%20additional%20reg%20edits%20beyond%20this%20in%20his%20comment.%20Good%20luck.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3243303%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3243303%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20anyone%20put%20this%20in%20plain%20English%2C%20please%3F%20I%20am%20not%20a%20tech%20person%3B%20I%20am%20a%20small%20business%20owner%20who%20relies%20on%20Outlook%20to%20communicate%20with%20my%20vendors%20and%20customers.%20I%20can%20receive%20mail%20but%20not%20send%20it%20out.%20I%20would%20appreciate%20some%20instructions%20for%20the%20lay%20person.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3247853%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3247853%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20update%20has%20inforced%20this%20change%3F%20%22%3CSTRONG%3EUpdate%20(Feb%202022)%3A%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3BWe%20have%20started%20to%20disable%20TLS1.0%20and%20TLS1.1%20for%20the%20default%20SMTP%20AUTH%20endpoints.%20If%20you%20have%20clients%20that%20can%E2%80%99t%20use%20TLS1.2%2C%20they%20should%20be%20configured%20to%20use%20the%20opt-in%20legacy%20endpoint%20by%20now.%22%20When%20was%20the%26nbsp%3B%26nbsp%3B%22Turn%20on%20use%20of%20legacy%20TLS%20clients%22%20option%20introduce%20and%20inforced%3F%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20have%20clients%20that%20cannot%20receive%20the%20database%20mail%20without%20'opting-in'%20with%20the%20less%20secure%20TLS%20versions.%20For%20most%20it's%20fine%20but%20we%20have%20others%20that%20see%20the%20risk.%20I%20want%20to%20replicate%20in%20a%20test%20enviroment%20using%20the%20update.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Ethanks%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3269159%22%20slang%3D%22en-US%22%3ERe%3A%20New%20opt-in%20endpoint%20available%20for%20SMTP%20AUTH%20clients%20still%20needing%20legacy%20TLS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3269159%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can%20verify%20that%20the%20steps%20that%20DBNewb860%20published%20worked%20for%20me%20with%20Sql%20Server%202014%20On%20Windows%20Server%202012%20R2%20Data%20Center.%26nbsp%3B%20It%20was%20not%20necessary%20to%20reboot%20the%20server.%26nbsp%3B%20Once%20the%20database%20mail%20process%20started%20everything%20worked%20and%20mail%20started%20to%20get%20sent%20again.%26nbsp%3B%20HOWEVER%3A%20NOTE%20THAT%20S%3CSPAN%3EystemDefaultTLSVersions%20IS%20SPELLED%20INCORRECTLY%20IN%20DBNewb860'S%20POST%20SO%20IF%20YOU%20COPY%20PASTE%20CORRECT%20THE%20SPELLING!!!!!!!!!!!!!%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Feb 01 2022 02:39 PM
Updated by: