how to enable TLS 1.3 on windows server 2022 having ExchangeServer2019-x64-CU13 Installed.

deepak singh 0 Reputation points
2023-04-24T13:15:23.1733333+00:00

I am trying to enable TLS 1.3 on Windows server 2022 (Exchange 2019 installed)using registry key I have added key to – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\EnableHTTP3 with Hexadecimal value as ‘1’ and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server\Enabled with Hexadecimal value as ‘1’ but still its pointing to tls 1.2 version.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,241 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,738 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jimmy Hung 15 Reputation points
    2023-07-19T08:48:40.9233333+00:00

    You may also check the status of the cipher suites on the server, e.g. by running the following command.

    Get-TlsCipherSuite | foreach { $_.Name }
    

    For TLS 1.3, you should see one of the following cipher suites.

    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_GCM_SHA256
    • TLS_CHACHA20_POLY1305_SHA256

    If you do not see any, try enabling them using the command below.

    Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
    Enable-TlsCipherSuite -Name TLS_AES_256_GCM_SHA384
    Enable-TlsCipherSuite -Name TLS_AES_128_GCM_SHA256
    
    3 people found this answer helpful.
    0 comments No comments

  2. Limitless Technology 43,991 Reputation points
    2023-04-25T14:44:03.1166667+00:00

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused. Enabling TLS 1.3 on your Windows Server Exchange 2022 involves a few steps. First, you need to make sure that your server is updated to the latest version, as TLS 1.3 is supported in Windows Server 2019 and higher. To enable TLS 1.3, you can use the Registry Editor on your Windows Server. You will need to navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3 key. If this key does not exist, you can create it. Under the TLS 1.3 key, create a subkey named "Server". Under the Server subkey, create a DWORD value named "Enabled" with a value of 1. The value data type should be set as a DWORD (32-bit) value. Once you have made these changes, you will need to restart your server for the changes to take effect. To verify that TLS 1.3 is enabled, you can use a tool like Wireshark to check the SSL/TLS protocol version used by your Exchange server. Make sure you have captured the network traffic between the client and server, and then filter the packets to show only SSL/TLS packets by using the "ssl" filter. Look for the Server Hello packet, which should contain the protocol version negotiated between the client and server. If TLS 1.3 is enabled, the protocol version should be 0x0304. If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    2 people found this answer helpful.