
Outlook does not always use the configured algorithm for digital signature (S/MIME)

Anonymous
2024-04-19T10:06:31+00:00

I am working with the Outlook version:

Microsoft® Outlook® para Microsoft 365 MSO (versión 2403 compilación 16.0.17425.20176) de 64 bits

For the digital signature of the messages I have configured the SHA256 algorithm. All messages are signed with this hash algorithm. Perfect.

The problem comes when I encrypt and sign a message. In that case, the encryption is done with the algorithm I have configured (AES256), but the signature uses a SHA1 hash.

Given the progressive lack of trust in SHA1 by mail clients, signing messages with this algorithm is very problematic.

Is it a bug? Can the configuration be further tweaked?

Outlook | Windows | Classic Outlook for Windows | For education

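To confirm which digest an Outlook message was actually signed with, rather than what the Trust Center dialog claims, read the digestAlgorithms field of the CMS SignedData carried in the application/pkcs7-signature MIME part. The Python below is an added example, not code from this thread or from Microsoft; it uses a minimal DER walker and a constructed sample blob (not a real Outlook message) that lists SHA-1, the case the question reports.

```python
import base64

# AlgorithmIdentifier OIDs for the hashes the Outlook signing dialog offers
OID_NAMES = {"1.3.14.3.2.26": "SHA-1", "2.16.840.1.101.3.4.2.1": "SHA-256",
             "2.16.840.1.101.3.4.2.2": "SHA-384", "2.16.840.1.101.3.4.2.3": "SHA-512"}

def der_read(buf, pos=0):                   # one DER TLV at pos -> (tag, value, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (real messages need this)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):                    # (tag, value) of each element in a constructed node
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        yield tag, inner

def decode_oid(raw):                        # DER OID content bytes -> dotted string
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def signature_digest_algorithms(pkcs7_der):
    """OIDs listed in SignedData.digestAlgorithms of a CMS/PKCS#7 signature blob."""
    _, content_info, _ = der_read(pkcs7_der)
    content_type, wrapped = list(der_children(content_info))[:2]
    # ContentInfo ::= SEQUENCE { contentType id-signedData, content [0] EXPLICIT SignedData }
    assert content_type[0] == 0x06 and decode_oid(content_type[1]) == "1.2.840.113549.1.7.2"
    _, signed_data, _ = der_read(wrapped[1])
    _, digest_algs = list(der_children(signed_data))[:2]     # version, digestAlgorithms SET
    return [decode_oid(next(der_children(alg))[1]) for _, alg in der_children(digest_algs[1])]

def check_signature_part(b64_signature):
    """Name the hashes from the base64 body of an application/pkcs7-signature MIME part."""
    return [OID_NAMES.get(o, o) for o in signature_digest_algorithms(base64.b64decode(b64_signature))]

def tlv(tag, value):                        # short-form length is enough for the sample
    return bytes([tag, len(value)]) + value

# Constructed sample (not a real Outlook message): a SignedData skeleton whose
# digestAlgorithms names SHA-1; real messages also carry certificates and SignerInfos.
SHA1_ALG = tlv(0x30, b"\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00")       # sha1 OID + NULL params
SIGNED_DATA = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, SHA1_ALG))    # version 1, SET OF AlgId
SAMPLE_PKCS7 = tlv(0x30, b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02" + tlv(0xA0, SIGNED_DATA))
SAMPLE_B64 = base64.b64encode(SAMPLE_PKCS7).decode()
```

For a signed-and-encrypted message the SignedData sits inside the encrypted envelope, so decrypt first and then run the check on the inner signature part; the per-signer SignerInfo.digestAlgorithm is the authoritative value and must be one of the OIDs this function returns.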

11 answers

  1. Anonymous
    2024-05-06T17:19:06+00:00

    Hi Eleni,

    Thank you for your comments.

    The feedback you mention:

    is unrelated to this problem.

    I have already opened a ticket about this problem:

    but I don't think that fixing a bug should depend on people's votes. You are not asking for a new feature but for it to work properly.

    Regards

    3 people found this answer helpful.
  2. Anonymous
    2024-04-26T12:33:25+00:00

    Hi Eleni,

    Thank you for your response.

    I know how to configure the algorithm (hash) used in the signature and avoid using SHA1.

    In fact, I opened this ticket because Outlook ignores this configuration: it erroneously uses SHA1 when encrypting and signing an email, regardless of how the account security is configured.

    To summarize:

    • if I configure an account in Outlook to sign with SHA256

    • when sending a signed and encrypted email, Outlook ignores the configuration and uses SHA1

    • only-signed emails do use the hash set by the user

    This is a bug in the client that should be fixed.

    2 people found this answer helpful.
  3. Anonymous
    2024-04-23T15:29:43+00:00

    Hi mimaen,

    Good day!

    Thank you for replying to the Microsoft Community. We are glad to assist.

    After a lot of searching about your problem, you need to check how to configure Outlook to use modern algorithm settings.

    You need to follow the steps below:

    These registry keys need to be set before you configure the security profile. If a security profile has already been set up, make a note of the settings, then delete the security profile, restart Outlook, and create a new security profile. 

    To view and configure security settings, click the File menu, then click Options > Trust Center, click the Trust Center Settings button, then click Email Security, and then the Settings button.

    To set the following higher security algorithms as the new defaults, use the registry settings below:

    • Encrypted email - AES 128 bit (2.16.840.1.101.3.4.1.2)
    • Digital signature - SHA 384 bit (2.16.840.1.101.3.4.2.2)

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Security]
    "UseAlternateDefaultHashAlg"=dword:00000001
    "DefaultHashOID"="2.16.840.1.101.3.4.2.2"
    "UseAlternateDefaultEncryptionAlg"=dword:00000001
    "DefaultEncryptionAlgOID"="2.16.840.1.101.3.4.1.2"

    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Security\CNGAlgs\3DES]
    "Flags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Security\CNGAlgs\RC2]
    "Flags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Security\CNGAlgs\SHA1]
    "Flags"=dword:00000001

    The security profile should look like this:

    [Image: screenshot of the security profile from the blog post "Recommended SMIME algorithm settings for modern Outlook builds"]

    REF: Recommended SMIME algorithm settings for modern Outlook builds

    **Note:** please update your vote to help other people who have the same question.

    Thanks for your precious time. Have a nice day!

  4. Anonymous
    2024-04-19T12:24:33+00:00

    Hi Eleni,

    Thank you for the quick response.

    But the problem is unique to the Outlook client. There is no server involved in signing/encrypting my messages.

    I don't use an Exchange account and the certificates (and private keys) are only accessible to the client.

    Regards

  5. Anonymous
    2024-04-19T12:14:02+00:00

    Hi mimaen,

    Good day!

    Thank you for posting to Microsoft Community. We are glad to assist.

    Based on your post regarding "Outlook does not always use the configured algorithm for digital signature (S/MIME)", it seems that the cause of the problem is most likely an error on the server backend. Because our forum lacks the relevant resources and permissions, it is advised to create a service ticket in the Microsoft 365 admin center, as they have more access permissions than this forum, and the dedicated team of professional engineers will further assist you.

    Here is how to get online support (Microsoft Learn):

    1. Go to the admin center at https://admin.microsoft.com. If you get a message that says you don't have permission to access this page or perform this action, you aren't an admin. For more information, see "Who has admin permissions in my business?".
    2. On the bottom right side of the page, select Help & support.
    3. Type a question or keyword into the text box. If you get a drop-down list, select the one closest to your question, or continue typing your question, then press Enter.
    4. If the results don't help, at the bottom, select Contact Support.
    5. Enter a description of your issue, confirm your contact number and email address, select your preferred contact method, and then select Contact Me. The expected wait time is indicated in the Contact support pane.

    Note: If you are not using an admin account, kindly reach out to your IT administration within your organization for help.

    Thanks for your precious time. Have a nice day!
