SSL/TLS issue with Outlook 2013

Topic

New Reply

So far neither an Outlook tech from MS remotely controlling my computer nor the email server admin has been able to get my desktop Outlook 2013 (365 Home) to connect to either the secure IMAP port 993 or secure POP3 port 995. Oddly, my wife’s system set up nearly identical to mine, except for using Outlook 2007, can use the same settings as me and successfully connects to the secure ports.

The issue is specifically with the mail servers for my website. The cPanel recommended settings are the same that I had used successfully until sometime last month when I would get an error that the encryption method was not supported by the server I’m trying to connect to.
While travelling late last month, I had the identical error trying to download mail from Comcast. Within a few hours, I could once again connect securely.
In addition to making sure that Outlook is configured for the mail account correctly, I created a new profile, having it create a new data file. I’ve also temporarily disabled both my anti-malware and firewall.

Googling the error turns up many examples of the same issue, but most are old and resolved by the email server admin. My webhost admin seems stumped, so I would like to point him in the right direction. Does anyone have suggestions?

Reply | Quote

Replies

Try the Custom TLS test at CheckTLS.com. That should enable you to test your ISP’s server (you have to enter your user/pass to test, obviously).
http://www.checktls.com/tests.html#Custom

[Edit]
Or dotcom-monitor.
https://www.dotcom-tools.com/email-server-test.aspx

cheers, Paul

Reply | Quote

Thanks Paul,
I didn’t know about either site.
Using the custom tls test, confirmed that I couldn’t connect, which I knew.
I installed Thunderbird to see if it could connect. It could. There are settings that I don’t see in Outlook 2013. I used the default port 995 which is what I wanted anyway. Under Security Settings I set the connection security to SSL/TLS, the Authentication method to TLS Certificate. It’s the authentication method specificity that is missing from Outlook 2013. It seems more concerned with authenticating SMTP than POP3 or IMAP.

Reply | Quote

Step 10 on this site shows the port setting for IMAP.
https://help.1and1.com/e-mail-and-office-c37589/outlook-c85091/set-up-e-mail-with-microsoft-outlook-2013-using-imap-a792412.html

cheers, Paul

Reply | Quote

Hi Paul,
I’ve been doing more research on the issue. Microsoft issued a security advisory 3009008 after discovery of the Poodle bug affecting SSL 3.0. SSL was removed from most server installations and disabled in IE11. That wasn’t a problem as TLS was available (or installed on most servers) and could be used by browsers. TLS is active on both my incoming and outgoing mail servers. The problem seems to be that Outlook 2013 only uses SSL for incoming mail. Setting up Thunderbird to use TLS for POP3 connects properly. I have continued to be able to connect to the secure port for SMTP. It is only POP3 or IMAP that shows the server does not support the selected encryption method.

A MS tech tried to assure people in the MS Community Forum that it really wasn’t a security flaw. I assume that is why there has not been a patch for Outlook 2013 yet.

I’m not sure what 1&1 (in your link) or other large email providers have done as a workaround that allows the SSL setting for incoming mail. One of my accounts is a Comcast.net email address. It, too, works when POP3 is configured as SSL connecting to port 995. I suspect that they briefly took that connection offline a couple of weeks ago, as I couldn’t connect for a few hours, but it later resumed.

Reply | Quote

Are you clicking on “More Settings” and then the Advanced tab when you setup or change the account properties?

Joe

--Joe

Reply | Quote

Are you clicking on “More Settings” and then the Advanced tab when you setup or change the account properties?

Joe

I don’t know how you could change the ports for POP3 or SMTP without clicking on More Settings and the Advanced.

Reply | Quote

It took a lot of persistence, but I can finally connect to Pop2 using encryption.:D MS posted a security bulletin about a security flaw found in SSL 3.0. Soon afterward, most servers disabled SSL 3.0, and moved to TLS. This didn’t present a problem for browsers and Https webmail was still possible. The clue, for me was when I loaded Thunderbird where I could specify TLS for POP3 and it connected without error. Back in Outlook 2013, only SSL could be specified for POP3; only SMTP had the option for TLS encoding. I shared that info with the email server admin. He made some adjustments and asked me to try again. This time I could specify POP3 connecting to port 995 using SSL. I then had to change the SMTP encoding from TLS to SSL.

My guess is that he did a workaround to allow a version of SSL rather than TLS. It’s not ideal, but most workarounds are not and it’s better than no encryption while waiting for MS to issue a patch.:rolleyes:
Don

So far neither an Outlook tech from MS remotely controlling my computer nor the email server admin has been able to get my desktop Outlook 2013 (365 Home) to connect to either the secure IMAP port 993 or secure POP3 port 995. Oddly, my wife’s system set up nearly identical to mine, except for using Outlook 2007, can use the same settings as me and successfully connects to the secure ports.

The issue is specifically with the mail servers for my website. The cPanel recommended settings are the same that I had used successfully until sometime last month when I would get an error that the encryption method was not supported by the server I’m trying to connect to.
While travelling late last month, I had the identical error trying to download mail from Comcast. Within a few hours, I could once again connect securely.
In addition to making sure that Outlook is configured for the mail account correctly, I created a new profile, having it create a new data file. I’ve also temporarily disabled both my anti-malware and firewall.

Googling the error turns up many examples of the same issue, but most are old and resolved by the email server admin. My webhost admin seems stumped, so I would like to point him in the right direction. Does anyone have suggestions?

Reply | Quote

I was just double checking about the dialog boxes being used. I use Outlook 2013 and on an IMAP account I have TLS is an option for the incoming port.

I read in a thread that Outlook would use TLS if SSL was not available even though SSL was specified in the account configuration. Did you actually try to connect to 995 with SSL specified before the workaround was implemented?

Joe

--Joe

Reply | Quote

I was just double checking about the dialog boxes being used. I use Outlook 2013 and on an IMAP account I have TLS is an option for the incoming port.

I read in a thread that Outlook would use TLS if SSL was not available even though SSL was specified in the account configuration. Did you actually try to connect to 995 with SSL specified before the workaround was implemented?

Joe

I tried many times, on different days, shutting down Outlook, restarting Windows, even completely shutting down windows and restarting the next morning. I tried with POP using port 995, I tried with IMAP using port 993. Those were the secured port specified by the email admin. When the MS tech did a remote login, he also tried connecting to POP using port 2013. The error was always that the specified encryption method was not supported by the server. All of my accounts are POP accounts because they contain info that needs to be stored locally. I don’t recall whether TLS was an option for incoming if the account was set for IMAP rather than POP. It isn’t for POP, though it is for SMTP.

Reply | Quote