1. Enable TLS 1.2 and TLS 1.3
- Press Win + R, type inetcpl.cpl, and press Enter.
- Go to Advanced → Security section.
- Make sure these are checked:
- Use TLS 1.2
- Use TLS 1.3 (if available)
- Uncheck deprecated protocols:
- SSL 3.0
- TLS 1.0 / TLS 1.1
- Click Apply, restart the system, and retry Outlook.
2. Install Latest Outlook and Windows Updates
- Updates often patch encryption libraries and handshake protocols.
- For Outlook: Go to File → Office Account → Update Options → Update Now.
- For Windows: Navigate to Settings → Windows Update → Check for updates.
3. Verify Server Certificate Trust
- Open your browser and visit the mail server URL (e.g., https://outlook.office365.com).
- Click the padlock → View Certificate.
- Ensure:
- The certificate is valid and not expired.
- It’s issued by a trusted certificate authority.
- It matches the server’s domain name.
4. Clear SSL State
- Navigate to Internet Options → Content → Clear SSL State.
- This flushes cached certificates and resets handshake attempts.
5. Check and Reset Windows Cryptographic Services
- Open Command Prompt as Administrator.
- Run:
- net stop cryptsvc
- net start cryptsvc
- Restart your PC.
6. Temporarily Disable Firewall or Antivirus SSL Scanning
- Some AVs (like Avast, Kaspersky) intercept HTTPS traffic. Try:
- Disabling SSL scanning or HTTPS inspection features.
- Whitelisting Outlook.exe or the mail server domain.
- Test Outlook connectivity after changes.
7. (Advanced) Enable TLS via Windows Registry
Backup your registry before making changes.
- Open regedit.
- Navigate to:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2
- Create subkeys: Client and Server.
- Add DWORDs:
- Enabled = 1
- DisabledByDefault = 0
- Restart the system.