How to make sure CodeTwo Email Signatures for Email Clients supports TLS 1.2
This article is meant for users of CodeTwo Email Signatures for Email Clients. This software has been discontinued. If your organization uses Office 365, check out CodeTwo Email Signatures for Office 365.
Starting 31 October 2018, Microsoft makes TLS 1.2 the default security protocol in Office 365. TLS 1.0 and 1.1 still work, but Microsoft does not provide support in case of connection or compatibility issues.
This article explains how to ensure that CodeTwo Email Signatures for Email Clients supports TLS 1.2 for communication with Office 365. We recommend following the guidelines below because TLS 1.2 provides better security and allows you to avoid any possible Office 365 connection issues in the future (when Microsoft disables the older TLS versions).
If you plan to disable TLS 1.0 and 1.1 in your environment and switch entirely to TLS 1.2, you need to update CodeTwo Email Signatures for Email Clients to the version that supports TLS 1.2. Otherwise, you will not be able to use the software to deploy new Office 365 signature policies and update your existing Office 365 policies. For more information, see Troubleshooting.
To ensure that CodeTwo Email Signatures for Email Clients supports TLS 1.2 in your environment, you need to:
- Make sure that you are using version 220.127.116.11, which fully supports TLS 1.2. The number of your current version is displayed on the program's title bar.
- If you're not using version 18.104.22.168 (or newer), you need to update the software. For guidelines, see How to update CodeTwo Email Signatures for Email Clients.
- If it's not possible for you to update your CodeTwo software right away, you can manually enable TLS 1.2 for the .NET framework on your machine.
- Alternatively, you can switch to our flagship email signature solution, CodeTwo Email Signatures for Office 365, which is already fully compatible with TLS 1.2 and provides more features and flexibility. Migration is not free, but we offer massive discounts for our clients.
To enable support for TLS 1.2 in CodeTwo Email Signatures for Email Clients, you need to update the software to the latest version by following these steps:
- Download the installer from the program's download page onto the machine where CodeTwo Email Signatures for Email Clients Administration Panel is installed.
- If the software's Administration Panel is running, close it before you proceed.
- Launch the downloaded installer and install the program on top of your existing version.
- After the update process is complete, you can launch the program. All of your settings are retained.
- The program now supports Transport Layer Security 1.2, and you can use it to create and update Office 365 signature policies.
If you cannot update CodeTwo Email Signatures for Email Clients to the latest version right away (which is our recommended solution), you can work around the problem manually by making the machine where the program is installed use TLS 1.2 for Schannel and .NET framework:
- first, you need to manually set TLS 1.2 as the default security protocol in your system by modifying the Windows registry (Schannel);
- then you need to set the .NET framework(s) on the machine to use your system's default TLS protocol. Learn how to check your .NET version
For more information and step-by-step guidelines, see this Microsoft blog article (the instructions provided in the article apply not only to the server versions of Windows, but also to the client versions of Windows, e.g. Windows 10).
This section describes problems that occur if your environment has TLS 1.0 and 1.1 disabled (TLS 1.2 is your only security protocol), and you're still using a version of CodeTwo Email Signatures for Email Clients that does not support TLS 1.2.
- You are not able to configure a connection to Office 365 when deploying an Office 365 policy
- Signatures of Office 365 users are not updated
You are not able to connect to Office 365 when configuring the deployment of an Office 365 policy (Fig. 1.), and you get the following (or similar) error when the connection is verified:
Target server connection: The Autodiscover service couldn't be located.
This error appears when you try to create a new connection to an Office 365 tenant or when you edit an existing connection.
The error reappears when you click the Test button and type your admin credentials (or select an admin account via the Browse button): the test fails (Fig. 2.), and the program asks you to make sure the entered email address and password are correct (Fig. 2.).
You experience these problems because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.
To fix these issues, you need to update the program to the latest version.
If these errors still occur after the update, you should make sure your environment supports TLS 1.2.
You notice that your Office 365 policy is not updated by the Central Updating Service of CodeTwo Email Signatures for Email Clients. When you change your signature templates (e.g. add a new layout), these changes are not synchronized to your Office 365, and Office 365 users still have the old (outdated) signatures.
You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365 to update your users' signatures.
To fix this issue, you need to update the program to the latest version.
If the problem exists after the update, you should make sure your environment supports TLS 1.2.
If you updated CodeTwo software to support TLS 1.2 but you still experience errors related to lack of TLS 1.2 connectivity, you should make sure your environment supports TLS 1.2 and has it enabled.
- See this MSDN article to learn about TLS 1.2 availability in Windows.
- If you're working in a server environment, see this Microsoft blog article for additional information. Some older systems (such as Windows Server 2008) have TLS 1.2 disabled or do not support it at all. The article shows how to ensure your Windows Server and Exchange Server version supports TLS 1.2.