Overview
FaxMaker supports Transport Layer Security (TLS) and Secure Sockets Layer (SSL) SMTP servers, both of which are widely used encryption protocols for secure email messaging.
As SSLv3 is vulnerable and not secure to use, it is recommended to enable TLS configuration on your Windows Server and Internet Information Service (IIS).
Solution
The encryption takes place between SMTP servers and is handled outside FaxMaker by IIS SMTP, which is a built-in SMTP server available on Windows server platforms.
Follow these steps to enable TLS on your IIS server:
- Take a backup of the registry before making any changes.
- Enable TLS 1.2 on Windows by manually updating the registry:
  - Open the registry on the server by running regedit in the Run window.
  - Navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  - Add the TLS 1.1 and TLS 1.2 keys under Protocols:
    - Right-click Protocols.
    - Select New > Key.
    - Name the key TLS 1.1.
    - Similarly, create another key with the name TLS 1.2.
  - Create two keys, Client and Server, under both TLS keys.
  - Create the following DWORD (32-bit) values under each Server and Client key:
    DisabledByDefault [Value = 0]
    Enabled [Value = 1]
- Disable older TLS and SSL versions:
  - Open the registry on your server by running regedit in the Run window.
  - Navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  - Change the DWORD values under Server and Client for the TLS 1.0, SSL 3.0, and older SSL version keys:
    DisabledByDefault [Value = 0]
    Enabled [Value = 0]
- Reboot the server.
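The registry steps above as a PowerShell script that writes the values and then reads each one back. This is an added example, not the attached REG files or vendor code. It assumes an elevated session on the server, a registry backup already taken, and that "older SSL version keys" means SSL 2.0; run it before the reboot.

```powershell
# Added example: applies the SCHANNEL values listed in the steps above.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Values exactly as given in the article.
# 'SSL 2.0' is an assumption for "older SSL version keys".
$settings = [ordered]@{
    'TLS 1.1' = @{ DisabledByDefault = 0; Enabled = 1 }
    'TLS 1.2' = @{ DisabledByDefault = 0; Enabled = 1 }
    'TLS 1.0' = @{ DisabledByDefault = 0; Enabled = 0 }
    'SSL 3.0' = @{ DisabledByDefault = 0; Enabled = 0 }
    'SSL 2.0' = @{ DisabledByDefault = 0; Enabled = 0 }
}

foreach ($protocol in $settings.Keys) {
    foreach ($role in 'Client', 'Server') {
        $key = "$base\$protocol\$role"
        # Create the protocol and role keys only if they are missing,
        # so existing values under them are left in place.
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        foreach ($name in $settings[$protocol].Keys) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $settings[$protocol][$name] -Force | Out-Null
        }
    }
}

# Read every value back and flag anything that does not match the table above.
$report = foreach ($protocol in $settings.Keys) {
    foreach ($role in 'Client', 'Server') {
        $actual = Get-ItemProperty -Path "$base\$protocol\$role"
        $want   = $settings[$protocol]
        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            DisabledByDefault = $actual.DisabledByDefault
            Enabled           = $actual.Enabled
            Matches           = ($actual.DisabledByDefault -eq $want.DisabledByDefault) -and
                                ($actual.Enabled -eq $want.Enabled)
        }
    }
}
$report | Format-Table -AutoSize
if ($report.Matches -contains $false) {
    Write-Warning 'Some SCHANNEL values do not match; re-check before rebooting.'
}
```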
Testing
Verify that your server now supports TLS 1.2 protocol by following the below steps:
- Click the Windows button on the lower left-hand corner of your Desktop.
- Type "Internet Options" and select Internet Options from the list.
- Click on the Advanced tab and from there scroll down to the very bottom. Confirm that TLS 1.2 is checked. If it is not, please check the box adjacent to Use TLS 1.2 and then Apply.
You may also refer to this 3rd-party online tool to validate the SMTP TLS configuration: CheckTLS.com
Additional Information
REG files to automate the process are attached as downloadable files.