The Windows system update on October 11, 2021 included a change to
disable TLS 1.0 and 1.1 by default.
- Windows blog post: [Plan for change: TLS 1.0 and TLS 1.1 soon to be
disabled by
default](https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/)
- Windows support article: [KB5017811—Manage Transport Layer Security
(TLS) 1.0 and 1.1 after default behavior change on September 20,
2022](https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e)
- Blog post: [Windows 10: Beware of a possible TLS disaster on October
2022
patchday](https://borncity.com/win/2022/10/11/windows-10-achtung-vor-einem-mglichen-tls-desaster-zum-oktober-2022-patchday/)
Our QMT v1.3 system with this issue does support TLS 1.2 for smtp and
submission, but Courier IMAP only supports up to TLS 1.0. Results via
testssl.sh:
## smtp and submission
SSLv2 not offered (OK)
SSLv3 offered (NOT ok)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
## imap
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 not offered
TLS 1.2 not offered and downgraded to a weaker protocol
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 not offered
Because the error should only occur when TLS 1.2 is not available, I
think the `Ox800CCC1A` in Outlook occurs when doing an IMAP transaction.
[This
thread](https://www.mail-archive.com/[email protected]/msg43073.html)
started by Janno Sannik a couple years ago contains some hints how to
upgrade or replace Courier for better TLS support.
Quinn
