There is a new up-and-coming web technology known as HTTP/3. The new protocol is all about performance and security. It is built on top of the QUIC (Quick UDP Internet Connections) encrypted transport protocol. Windows Server 2022 natively supports HTTP/3 with Internet Information Services (IIS).

Aside from the new HTTP/3 specification, the QUIC protocol is already in use today. If, for example, you captured network traffic between today's Chrome browser and Google's servers, you would see QUIC being used already. Microsoft also supports SMB over QUIC in Windows Server 2022 Azure Edition.

HTTP/3 will lead to advantages for performance-sensitive applications such as gaming, streaming, VoIP applications, and others. In addition, Microsoft Exchange benefits from HTTP/3 when accessed over the web.

The HTTP/3 standard has not yet been completed. However, most major browsers, including Chrome, Edge, and Firefox, support HTTP/3 at this point.

Windows Server 2022 offers native HTTP/3 support

Windows Server 2022 provides many new features and enhancements, including implementing HTTP/3 in the web application stack for IIS. It will enable organizations to implement HTTP/3 in serving business-critical web applications moving forward with Windows Server 2022 web servers. While there is no official documentation for enabling HTTP/3 in IIS as of yet, let's take a look at the unofficially documented steps needed to enable hosting an HTTP/3 application in IIS.

Enabling HTTP/3 in Windows Server 2022

The process to implement serving HTTP/3 using IIS in Windows Server 2022 is a combination of the following:

  • Registry keys: Add keys for TLS 1.3 and HTTP/3
  • PowerShell cmdlets: Enable TLS_CHACHA20_POLY1305_SHA256 cipher
  • Add the HTTP/3 response header

Add keys for TLS 1.3 and HTTP/3

To add the required HTTP/3 registry keys, you can create a single registry file using Notepad and merge the registry keys on your Windows Server 2022 server. Create a registry file with the following values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001

Save the above as a .reg file, and execute it on your Windows Server 2022 server using reg.exe.

Create a new Windows registry file containing the TLS 1.3 and HTTP3 values

Enable TLS_CHACHA20_POLY1305_SHA256 cipher

Next, use PowerShell to enable the TLS_CHACHA20_POLY1305_SHA256 cipher suite. To do that, use the following command:

Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0

Enable the needed TLS cipher for HTTP3

Add the HTTP/3 response header

Finally, add the HTTP/3 response header to your IIS website. In my Windows Server 2022 lab machine, I have just installed IIS using the default IIS website. I have bound a self-signed certificate to the site and enabled HTTPS 443 binding.

Under the HTTP Response Headers, add a custom HTTP response header with the following information:

  • Name: alt-svc
  • Value: h3=":443"; ma=86400; persist=1

Add the HTTP3 response header to your IIS website

After adding the response header, enabling the cipher suites, and merging the registry keys, reboot your Windows Server 2022 server.
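
The three steps above can also be applied in one pass and read back before the reboot. The script below is an added example, not code from the article or from Microsoft; the site name 'Default Web Site' and all variable names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's code). Assumption: the target site is 'Default Web Site'.
param([string]$SiteName = 'Default Web Site')

$tls13  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'
$http   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$suite  = 'TLS_CHACHA20_POLY1305_SHA256'
$altSvc = 'h3=":443"; ma=86400; persist=1'
$wanted = @(
    @{ Path = "$tls13\Client"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$tls13\Client"; Name = 'Enabled';           Value = 1 }
    @{ Path = "$tls13\Server"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$tls13\Server"; Name = 'Enabled';           Value = 1 }
    @{ Path = $http;           Name = 'EnableHttp3';       Value = 1 }
    @{ Path = $http;           Name = 'EnableAltSvc';      Value = 1 }
)

# Step 1: registry values, same keys and DWORDs as the .reg file
foreach ($w in $wanted) {
    if (-not (Test-Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
    New-ItemProperty -Path $w.Path -Name $w.Name -Value $w.Value -PropertyType DWord -Force | Out-Null
}

# Step 2: enable the cipher suite only if it is not already in the list
if (-not (Get-TlsCipherSuite -Name $suite)) { Enable-TlsCipherSuite -Name $suite -Position 0 }

# Step 3: add the alt-svc header once; adding the same name twice raises a duplicate-entry error
Import-Module WebAdministration
$sitePath = "IIS:\Sites\$SiteName"
$headers  = 'system.webServer/httpProtocol/customHeaders'
$current  = Get-WebConfigurationProperty -PSPath $sitePath -Filter "$headers/add[@name='alt-svc']" -Name value -ErrorAction SilentlyContinue
if (-not $current) {
    Add-WebConfigurationProperty -PSPath $sitePath -Filter $headers -Name '.' -Value @{ name = 'alt-svc'; value = $altSvc }
}

# Read everything back so a failed write or drift is visible before the reboot
$report = foreach ($w in $wanted) {
    $actual = (Get-ItemProperty -Path $w.Path -Name $w.Name -ErrorAction SilentlyContinue).($w.Name)
    [pscustomobject]@{ Setting = "$($w.Path)\$($w.Name)"; Expected = $w.Value; Actual = $actual }
}
$report += [pscustomobject]@{ Setting = $suite; Expected = 'enabled'
    Actual = if (Get-TlsCipherSuite -Name $suite) { 'enabled' } else { 'missing' } }
$report += [pscustomobject]@{ Setting = "alt-svc on $SiteName"; Expected = $altSvc
    Actual = (Get-WebConfigurationProperty -PSPath $sitePath -Filter "$headers/add[@name='alt-svc']" -Name value).Value }
$report | Format-Table -AutoSize -Wrap
Write-Warning 'Reboot the server for the changes to take effect, as the article instructs.'
```

Keeping the read-back table with the change record gives a baseline to compare against after later patching or hardening runs that touch SCHANNEL settings.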

Verifying HTTP/3 responses from IIS

Now, you can verify that you are getting HTTP/3 responses. I used the latest Firefox nightly build for the test, which is recommended for testing HTTP/3 connectivity. The latest nightly build already has HTTP/3 functionality turned on. Therefore, there is no additional configuration needed in the about:config file for Firefox.

Visit your HTTP/3-enabled website and view your developer console. You should be able to refresh the page and see that the protocol under the Network tab is now HTTP/3.

Verifying HTTP3 responses from Windows Server 2022

Final thoughts

HTTP/3 offers great new features for security and performance for data exchange across the World Wide Web. However, it is still very new and has not yet been finalized by the IETF.

As shown, Windows Server 2022 can serve content from IIS over HTTP/3. The protocol may take some time to gain widespread adoption and the stability needed for production environments across most platforms.

In the Microsoft blog post covering HTTP/3 in Windows Server 2022, some users have noted memory leaks with HTTP/3 enabled. Even with the current bugs, HTTP/3 holds promise for faster and more secure content across the Internet.

1 Comment
  1. Olivier 5 months ago

    Hi Brandon
    Thanks for the tips, but why use a reg file, then a PS cmdlet, then the GUI?
    You could do all tasks with PS.
    For the last one (perhaps the more complex):

    Import-Module WebAdministration
    Add-WebConfigurationProperty `
        -Filter "system.webServer/httpProtocol/customHeaders" `
        -PSPath IIS:\Sites\$siteName -Name . -AtElement @{name=$headerName} `
        -Value @{name=$headerName;value=$headerValue}

    $HeaderValue is a var populated with the value you've described.

© 4sysops 2006 - 2022
