How To Enable HTTP/3 For IIS On Windows Server 2022

IIS HTTP 3IIS HTTP 3

Windows Server 2022 was released in 2021 which introduced native support for HTTP/3. HTTP/3 is an improvement on HTTP2 that makes websites on Internet Information Services (IIS) load faster with more security.

That said, HTTP/3 still needs to be enabled on Server 2022. In this article, we show you how to enable HTTP/3 and configure all relevant settings.

What is HTTP/3

The “3” in HTTP/3 denotes the third major iteration of the Hypertext Transfer Protocol. This protocol is the backbone of the entire internet services that you use today since much of the communication between the servers is carried out using this protocol.

HTTP/3 is a new standard in development that will affect how web browsers and servers communicate. It was released in June 2022, after its last major iteration in 2015.

When the first internet protocols were created, devices were less portable and did not swap networks frequently. The fact that HTTP/3 utilizes the new transport protocol Quick UDP Internet Connection (QUIC) is a significant benefit for these mobile devices.

QUIC is intended for internet users that are heavily reliant on mobile devices, such as smartphones. This protocol significantly reduces the delay caused by the transfer of the internet connection between wi-fi and cellular data.

It also has other benefits, like zero round-trip time (0-RTT), where time is not wasted to re-establish a connection through a handshake when a client device has already connected to a server. Additionally, HTTP/3 also has more comprehensive encryption, making it the most secure HTTP iteration yet.

With the benefits of HTTP/3 known, let us show you how to enable it on Windows Server 2022.

Note: It is assumed that you have already enabled IIS and installed IIS Manager on your server.

Enable HTTP/3 for IIS on Server 2022

Enabling HTTP/3 for ISS on Windows Server 2022 is a 3-part method. Here are the 3 things that need to be done:

  1. Enable TLS 1.3
  2. Add TLS_CHACHA20_POLY1305_SHA256 cipher suite for TLS connections
  3. Add an HTTP/3 response code to the HTTP header of your IIS website

We have divided these steps into different sections into the following sections. Continue to perform the following methods in the given order to enable HTTP/3 for IIS.

Enable TLS 1.3 and HTTP/3

To enable TLS 1.3 and HTTP/3 on Server 2022, you must make changes to the Registry. We have simplified the process for you by providing a .REG file that you can download and execute on your Server 2022 machine.

Note: Misconfiguration of critical values in the system’s registry could be fatal for your operating system. Therefore, we insist that you create a system restore point before proceeding forward with the process.

You can also use our top selection of disk imaging and backup software so you never lose your data or operating system again.

How To Enable HTTP/3 For IIS On Windows Server 2022 1  Add Registry keys for TLS 1.3 and HTTP3 (1,024 bytes, 321 hits)

Click on the given link to download the compressed file. Extract its contents and then run the Registry file to enable TLS 1.3 and HTTP/3. Continue through with any confirmations and prompts that you may receive.

Run REG file
Run REG file

Add the Cipher

Next, you must enable the “TLS_CHACHA20_POLY1305_SHA256” cipher suite on the server. This can be done by running a simple cmdlet in PowerShell.

Run the following cmdlet in an elevated PowerShell instance:

Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
Enable cipher
Enable cipher

Add HTTP/3 Response Code to HTTP Header

Now, we must add the HTTP/3 response code to the HTTP header for your website created in IIS on your server. Here is a step-by-step guide on how to do it successfully:

  1. Open the IIS Management console.

  2. Navigate to your website from the left pane.

    Open site in IIS Manager
    Open site in IIS Manager
  3. Click “Bindings” in the right pane, under the “Edit site” section.

    Open site bindings
    Open site bindings
  4. Click Add.

    Add binding
    Add binding
  5. Select Type “https” and ensure that the port is “443.”

    Configure https binding
    Configure HTTPS binding
  6. Assign a self-signed certificate and click Ok.

    Assign certificate
    Assign certificate

    You can create a self-signed certificate by going to IIS Manager >> Server (left pane) >> Server Certificates >> Create Self-Signed Certificate (right pane).

  7. Remove the default binding entries.

    Remove other binding enteries
    Remove other binding entries
  8. Now open “HTTP Response Headers.”

    Open HTTP Response Headers
    Open HTTP Response Headers
  9. Click Add.

    Add a response header
    Add a response header
  10. Enter the following details as name and value and click Ok:

    • Name: alt-svc
    • Value: h3=”:443″; ma=86400; persist=1
    Add HTTP response header
    Add HTTP response header
  11. Now restart the server for the changes to take effect.

You have now successfully configured HTTP/3 for IIS on Server 2022. However, there are still a few confirmations to make before proceeding.

Make sure that QUIC traffic (Port 443) is allowed through the firewall. Run the following cmdlet in PowerShell. If the status returns as “True,” it means that it has been allowed. If not, then you must either allow the port through the firewall or disable it completely.

Get-NetFirewallRule | ?{ $_.DisplayName -eq "World Wide Web Services (QUIC Traffic-In)" }|select name,enabled, status
Check firewall status for 443 port
Check firewall status for 443 port

Check HTTP/3 Responses

Now that you have successfully configured HTTP/3 for IIS, you must confirm if it is working or not. Perform the following steps to verify that HTTP/3 has been enabled successfully:

  1. Open your local website in any web browser.

    If you are running a dummy website, then you must enter “https://localhost:443” in the browser’s address bar.

    Access the local website
    Access the local website
  2. Press CTRL+ Shift + I to enter Inspect Mode.

  3. Switch to the “Network” tab.

    Open Network tab in Inspect Mode
    Open the Network tab in Inspect Mode
  4. Press CTRL + R to refresh the data, and then add the Protocol column.

    Refresh
    Refresh
  5. The Protocol column should list “h3,” signifying the use of HTTP/3 protocol.

Conclusion

Running the HTTP/3 protocol instead of HTTP/2 or older will make the end user’s browsing experience much faster, especially if they are always on the go and switch between mobile data and wi-fi.

Additionally, you will have more complex encryption, which means more security for your website.

Let us know your experience with HTTP/3 in the comments below.

If you liked this post, Share it on:
Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

Talk to us now

Talk to us straight and get your questions answered right away

Tell Us About Your Project