
Enabling TLS Configuration on IIS/SMTP Server

Overview

FaxMaker supports SMTP servers secured with Transport Layer Security (TLS) or Secure Sockets Layer (SSL), both of which are widely used encryption protocols for secure email messaging.

Because SSLv3 is vulnerable and not secure to use, it is recommended to enable TLS on your Windows Server and Internet Information Services (IIS).

Solution

The encryption takes place between SMTP servers and is handled outside FaxMaker by IIS SMTP, which is a built-in SMTP server available on Windows server platforms.

Follow these steps to enable TLS on your IIS server:

  1. Take a backup of the registry before making any changes.
  2. Enable TLS 1.2 on Windows by manually updating the registry:
    1. Open the Registry Editor on the server by running regedit in the Run window.
    2. Navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
    3. Add the TLS 1.1 and TLS 1.2 keys under Protocols:
      1. Right-click Protocols,
      2. Select New > Key
      3. Name the key TLS 1.1
      4. Similarly, create another key with the name TLS 1.2
    4. Create two keys, Client and Server, under both TLS keys.
    5. Create the following DWORD (32-bit) values under each Server and Client key:
      DisabledByDefault [Value = 0]
      Enabled [Value = 1]
  3. Disable older TLS and SSL versions:

    1. Open the Registry Editor on your server by running regedit in the Run window.

    2. Navigate to the following location:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    3. Now change the DWORD values under the Server and Client keys of the TLS 1.0, SSL 3.0, and older SSL version keys:
      DisabledByDefault [Value = 0]
      Enabled [Value = 0]

  4. Reboot the server.
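
The registry changes from steps 2 and 3 can also be scripted. The following PowerShell is an added example, not part of the original article or its attached REG files. It writes the values exactly as listed above and then reads them back; the SSL 2.0 key name is an assumption for the "older SSL version keys" mentioned in step 3, and the function names are hypothetical.

```powershell
# Added example: applies the SCHANNEL values from steps 2 and 3, then reads them back.
# Run from an elevated PowerShell session after backing up the registry (step 1).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocol key name -> Enabled value, as given in the article.
# 'SSL 2.0' is an assumption for the "older SSL version keys" in step 3.
$protocols = [ordered]@{
    'SSL 2.0' = 0
    'SSL 3.0' = 0
    'TLS 1.0' = 0
    'TLS 1.1' = 1
    'TLS 1.2' = 1
}

function Set-SchannelProtocol {
    param([string]$Protocol, [int]$Enabled)
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base (Join-Path $Protocol $role)
        # -Force also creates the missing parent key (Protocols\<name>).
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # The article uses DisabledByDefault = 0 in both the enable and disable steps.
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'Enabled' -Value $Enabled -PropertyType DWord -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    foreach ($name in $protocols.Keys) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path $base (Join-Path $name $role)
            # Returns nothing if the key or its values are missing.
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $name
                Role              = $role
                Enabled           = $v.Enabled
                DisabledByDefault = $v.DisabledByDefault
                Expected          = $protocols[$name]
                Ok                = ($null -ne $v) -and ($v.Enabled -eq $protocols[$name])
            }
        }
    }
}

foreach ($name in $protocols.Keys) { Set-SchannelProtocol -Protocol $name -Enabled $protocols[$name] }
Get-SchannelProtocolState | Format-Table -AutoSize
Write-Host 'Reboot the server for the SCHANNEL changes to take effect (step 4).'
```

Any row with Ok set to False in the read-back table points to a key or value that was not written as expected.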

Testing

Verify that your server now supports the TLS 1.2 protocol by following the steps below:

  1. Click the Windows button on the lower left-hand corner of your Desktop.
  2. Type "Internet Options" and select Internet Options from the list.
  3. Click on the Advanced tab and from there scroll down to the very bottom. Confirm that TLS 1.2 is checked. If it is not, please check the box adjacent to Use TLS 1.2 and then Apply.

You may also use this third-party online tool to validate the SMTP TLS configuration: CheckTLS.com

Additional Information

REG files to automate the process are attached as downloadable files.

Enable-TLS12-Windows.reg


Enable-TLS12-TLS11-Windows.reg


Posted by Priyanka Bhotika