Thanks for reaching out to cPanel support. I'm sorry to hear that you are experiencing issues with email while using Outlook on Windows 7.
Version 68 of cPanel introduced new SSL ciphers to increase the security of the mail server; this enables TLS 1.2 and disables older SSL protocols such as TLS 1.0.
You can read more on this through our blog post here, TLS Changes in Version 68. https://blog.cpanel.com/tls-changes-in-version-68/
While cPanel makes every effort to ensure our product is as secure as possible, this does mean older operating systems and mail clients will be affected.
Due to Windows 7 being an older system, versions of Outlook (2007 & 2010) on Windows 7 can only offer TLS 1.0 and below. Microsoft did release a patch to resolve this and enable the newer protocols, TLS 1.1 and TLS 1.2. You can read more information on Microsoft's blog here: https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/
Please keep in mind this is not a defect or an issue with cPanel, but an incompatibility with outdated client software. Updating the client software to support TLS 1.2 will help maintain overall security.
There are two options to help resolve the issues you are currently facing. Please note, Option 1 is the recommended solution.
[Option 1]: (RECOMMENDED) To enable TLS 1.2 for Windows 7, you will need to patch your system to modify the registry. Be sure your system is fully updated through the update center, and then download and install the patch from Microsoft's website here: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
After that is installed, be sure to reboot your local computer as well to ensure the patch was applied. Once you're back online, please try to connect to the cPanel server again.
[Option 2]: (NOT RECOMMENDED) If you must enable TLS 1.0 on the WHM/cPanel server for compatibility, then in WHM >> Home >> Service Configuration >> Exim Configuration Manager > Basic Settings:
Ensure that "Allow weak SSL/TLS ciphers" is "Off".
Change "SSL/TLS Cipher Suite List" to (this is one long line):
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
And change "Options for OpenSSL" to:
+no_sslv2 +no_sslv3
Then "Save" at the bottom of the page.
This will enable TLS 1.0, 1.1, and 1.2 and should provide compatibility with older mail servers and clients that only support TLS 1.0.
For Dovecot in WHM >> Home >> Service Configuration >> Mailserver Configuration:
Change "SSL Cipher List" to (this is one long line):
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Change "SSL Protocols" to:
!SSLv2 !SSLv3
Once that is enabled, or you have fully patched your Windows install, Windows should be able to connect to the server again.
Please let me know if you have any other questions.
Thanks!
