Enable TLS 1.3 on IIS Web Server with Windows 2022

Anonymous
2024-10-26T05:43:57+00:00

I have a Windows 2022 Web Server with IIS that runs different websites. I am trying to enable TLS 1.3 and have followed several sites where they say to add a Registry Key for TLS 1.3 for both client and server. I added the keys and rebooted the server, but when I check my site on ssllabs.com it still shows only TLS 1.2 is active and

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

How can I get it to show TLS 1.3?


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


5 answers

  1. Anonymous
    2024-10-28T09:09:31+00:00

    Hello Sameer Rao,

    Thank you for posting in Microsoft Community forum.

    For Windows Server 2022, the following cipher suites are enabled and in this priority order by default using the Microsoft Schannel Provider:

    TLS_AES_256_GCM_SHA384 Yes TLS 1.3
    TLS_AES_128_GCM_SHA256 Yes TLS 1.3

    The following cipher suites are supported by the Microsoft Schannel Provider, but not enabled by default:

    TLS_CHACHA20_POLY1305_SHA256 Yes TLS 1.3

    You can add the three above via registry below:

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server


    TLS Cipher Suites in Windows Server 2022. - Win32 apps | Microsoft Learn

    Transport Layer Security (TLS) registry settings | Microsoft Learn

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    1 person found this answer helpful.
  2. Anonymous
    2024-10-28T11:17:43+00:00

    I already did this but when I check my site it doesn't show TLS 1.3

    1 person found this answer helpful.
  3. Anonymous
    2024-10-29T07:59:25+00:00

    Hello

    Greetings!

    Based on the description "but when I check my site it doesn't show TLS 1.3", where did you see it does not show TLS 1.3?

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
  4. Anonymous
    2024-10-31T14:54:08+00:00

    I use the site https://www.ssllabs.com/ and I can enter the URL of my site and it tells me what cipher suites are enabled and what is not. For TLS 1.3 it shows me No. I also tried the site https://hackertarget.com/ssl-check/ and it tells me:

    TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites; the server rejected all cipher suites.

    I am not sure where the cipher suites are getting rejected as Windows Firewall is disabled.

    1 person found this answer helpful.
  5. Anonymous
    2024-11-01T07:48:18+00:00

    Hello

    You can check if TLS 1.3 is enabled on a specific machine using the tool/app below.

    Nartac Software - IIS Crypto

    Nartac Software - Download

    Best Regards,
    Daisy Zhou

    1 person found this answer helpful.
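
A read-only PowerShell check of the settings discussed in this thread, added here as an example and not posted by any participant: it reads the `Enabled` and `DisabledByDefault` values under the TLS 1.3 protocol key named in the first answer and checks the Schannel cipher suite list for the three suite names quoted there. It assumes it is run locally on the server, where the built-in `Get-TlsCipherSuite` cmdlet is available; `Get-SchannelValue` is a helper defined for this example.

```powershell
# Added example (not from the thread): read-only report of Schannel TLS 1.3 settings.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'

# Suite names quoted in the first answer.
$tls13Suites = @(
    'TLS_AES_256_GCM_SHA384',
    'TLS_AES_128_GCM_SHA256',
    'TLS_CHACHA20_POLY1305_SHA256'
)

function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    # Returns the registry value, or 'not set' when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return $item.$Name
}

# One row per role: does the key exist, and what do its two values say?
$protocolReport = foreach ($role in 'Server', 'Client') {
    $path = Join-Path $base $role
    [pscustomobject]@{
        Role              = $role
        KeyExists         = Test-Path -Path $path
        Enabled           = Get-SchannelValue -Path $path -Name 'Enabled'
        DisabledByDefault = Get-SchannelValue -Path $path -Name 'DisabledByDefault'
    }
}

# Names currently in the Schannel cipher suite priority list.
$configured = (Get-TlsCipherSuite).Name

# One row per TLS 1.3 suite: is it in the list Schannel will offer?
$suiteReport = foreach ($suite in $tls13Suites) {
    [pscustomobject]@{
        CipherSuite    = $suite
        InSchannelList = $configured -contains $suite
    }
}

$protocolReport | Format-Table -AutoSize
$suiteReport    | Format-Table -AutoSize
```

A value reported as `not set` means the registry does not override the operating system default for that role.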