Aside from the new HTTP/3 specification, the QUIC protocol is already in use today. If, for example, you captured network traffic between today's Chrome browser and Google's servers, you would see QUIC being used already. Microsoft also supports SMB over QUIC in Windows Server 2022 Azure Edition.
HTTP/3 will lead to advantages for performance-sensitive applications such as gaming, streaming, VoIP applications, and others. In addition, Microsoft Exchange benefits from HTTP/3 when accessed over the Web.
The HTTP/3 standard has not yet been completed. However, most major browsers, including Chrome, Edge, and Firefox, support HTTP/3 at this point.
Windows Server 2022 offers native HTTP/3 support
Windows Server 2022 provides many new features and enhancements, including implementing HTTP/3 in the web application stack for IIS. It will enable organizations to implement HTTP/3 in serving business-critical web applications moving forward with Windows Server 2022 web servers. While there is no official documentation for enabling HTTP/3 in IIS as of yet, let's take a look at the unofficially documented steps needed to enable hosting an HTTP/3 application in IIS.
Enabling HTTP/3 in Windows Server 2022
The process to implement serving HTTP/3 using IIS in Windows Server 2022 is a combination of the following:
- Registry keys: Add keys for TLS 1.3 and HTTP/3
- PowerShell cmdlets: Enable TLS_CHACHA20_POLY1305_SHA256 cipher
- Add the HTTP/3 response header
Add keys for TLS 1.3 and HTTP/3
To add the required HTTP/3 registry keys, you can create a single registry file using Notepad and merge the registry keys on your Windows Server 2022 server. Create a registry file with the following values:
```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001
```
Save the above as a .reg file, and execute it on your Windows Server 2022 server using reg.exe.
Enable TLS_CHACHA20_POLY1305_SHA256 cipher
Next, use PowerShell to enable the TLS_CHACHA20_POLY1305_SHA256 cipher suite. To do that, use the following command:
```powershell
Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
```
Add the HTTP/3 response header
Finally, add the HTTP/3 response header to your IIS website. On my Windows Server 2022 lab machine, I have just installed IIS and am using the default IIS website. I have bound a self-signed certificate to the site and enabled an HTTPS binding on port 443.
Under the HTTP Response Headers, add a custom HTTP response header with the following information:
- Name: alt-svc
- Value: h3=":443"; ma=86400; persist=1
After adding the response header, enabling the cipher suites, and merging the registry keys, reboot your Windows Server 2022 server.
Verifying HTTP/3 responses from IIS
Now, you can verify that you are getting HTTP/3 responses. I used the latest Firefox nightly build for the test, which is recommended for testing HTTP/3 connectivity. The latest nightly build already has HTTP/3 functionality turned on, so no additional configuration is needed in Firefox's about:config page.
Visit your HTTP/3-enabled website and view your developer console. You should be able to refresh the page and see that the protocol under the Network tab is now HTTP/3.
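If the Network tab still shows an older protocol, a read-only check of the three configuration pieces narrows down which step is missing. The script below is an added example, not part of the original article or any Microsoft tooling; it assumes the site is named 'Default Web Site' and that the IIS WebAdministration module is installed.

```powershell
# Added example: read-only audit of the HTTP/3 prerequisites from this article.
# Run elevated on the IIS server. 'Default Web Site' is an assumed site name.
param([string]$SiteName = 'Default Web Site')

$tls13 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'
$http  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$expected = @(
    @{ Path = "$tls13\Client"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$tls13\Client"; Name = 'Enabled';           Value = 1 }
    @{ Path = "$tls13\Server"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$tls13\Server"; Name = 'Enabled';           Value = 1 }
    @{ Path = $http;           Name = 'EnableHttp3';       Value = 1 }
    @{ Path = $http;           Name = 'EnableAltSvc';      Value = 1 }
)

# 1. Registry values: a missing key or value reads as $null and fails the check
$results = foreach ($e in $expected) {
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($e.Name) } else { $null }
    [pscustomobject]@{
        Check    = "$($e.Path)\$($e.Name)"
        Expected = $e.Value
        Actual   = $actual
        Ok       = ($null -ne $actual) -and ($actual -eq $e.Value)
    }
}

# 2. Cipher suite: Get-TlsCipherSuite returns the suites currently enabled for TLS
$suiteName = 'TLS_CHACHA20_POLY1305_SHA256'
$enabled   = @(Get-TlsCipherSuite | Select-Object -ExpandProperty Name)
$position  = [array]::IndexOf($enabled, $suiteName)   # -1 when the suite is absent
$results  += [pscustomobject]@{
    Check    = "Cipher suite $suiteName"
    Expected = 'enabled'
    Actual   = if ($position -ge 0) { "position $position" } else { 'not enabled' }
    Ok       = $position -ge 0
}

# 3. alt-svc custom response header configured on the site
Import-Module WebAdministration
$headers = (Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" -Filter 'system.webServer/httpProtocol/customHeaders').Collection
$altSvc  = $headers | Where-Object { $_.name -eq 'alt-svc' } | Select-Object -First 1
$results += [pscustomobject]@{
    Check    = "alt-svc header on '$SiteName'"
    Expected = 'h3=":443"; ma=86400; persist=1'
    Actual   = $altSvc.value
    Ok       = [bool]($altSvc -and $altSvc.value -match '(^|,)\s*h3=":443"')
}

$results | Format-Table -AutoSize -Wrap
```

A passing result reflects stored configuration only; the reboot described above is still required before the server applies it.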
HTTP/3 offers great new features for security and performance for data exchange across the World Wide Web. However, it is still very new and has not yet been finalized by the IETF.
As shown, Windows Server 2022 can serve content from IIS over HTTP/3. The protocol may take some time to gain widespread adoption and the stability needed for production environments across most platforms.
In the Microsoft blog post covering HTTP/3 in Windows Server 2022, some users have noted memory leaks with HTTP/3 enabled. Even with the current bugs, HTTP/3 holds promise for faster and more secure content across the Internet.