Recommended SMIME algorithm settings for modern Outlook builds
Published Jul 14 2022 08:27 AM 9,005 Views

To take advantage of the best security available when using SMIME for email, you must configure Outlook to use modern algorithm settings. This post explains how ensure you are using these modern algorithms for encryption and digital signatures. This is important, considering that Windows and Outlook still allow you to use older and less secure algorithms for encryption and digital signatures.


The following registry values give you a good start for configuring a security profile using stronger algorithms, thus providing higher security for digitally signed and encrypted email messages using SMIME.


Furthermore, these values disable less secure algorithms, preventing their use in Outlook.


These registry keys need to be set before you configure the security profile. If a security profile has already been set up, make a note of the settings, then delete the security profile, restart Outlook, and create a new security profile. 

To view and configure security settings, click the File menu, then click Options, Trust Center, click the Trust Center Settings button, then click Email Security, and then the Settings button.


To set the following higher security algorithms as the new defaults, use the registry settings below:


  • Encrypted email - AES 128 bit (2.16.840.
  • Digital signature - SHA 384 bit (2.16.840.


Windows Registry Editor Version 5.00


The security profile should look like this:



These registry keys are supported in the following versions:


Version history
Last update:
‎Jul 14 2022 08:26 AM
Updated by: