TLS 1.3 on Active Directory/Domain Controller

Question

We are trying to enable TLS 1.3 on Active Directory / Domain Controller.

1. Is TLS 1.3 support on Active Directory / Domain Controller?
2. If supported, can you please point to any documentation / steps to enable it.

thanks
Kotesh

Answer 1

Hi Kotesh,

Is TLS 1.3 support on Active Directory / Domain Controller?
Yes TLS is supported Domain Controller. But i assume you are looking forward to enable 1.3 for server through GPO.

To enable please create Following registry key on server.

Starting at HKEY_LOCAL_MACHINE on the left hand side of the window, please navigate through the hive to the location \SYSTEM\CurrentcontrolSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3 in the registry, as below

Right click on the “Protocols” key, and select New then select Key

Name the new key TLS 1.3

Right click the TLS 1.3 key, select New then select Key

Name the new key Server

Right click the TLS 1.3 key, select New then select Key

Name the new key Client

Select the Server key, right click and select New, then select DWORD (32-bit) Value. A new value will now be created in the main field of the regedit window. In the Name field, type Enabled and click away from the key.

Create the last step in Client Key as well.

Feel free to ask for queries. Please accept the answer if this works for you.

Answer 2

Hi

TLS 1.3 is only available on Windows 2022 and only when fully patched.

Gary.

Answer 3

Hi,

It depends what is the Operating System version of your AD DC?

Please check this article as you requested and the supported OS and TLS settings - protocols-in-tls-ssl--schannel-ssp-

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.