Step-by-Step Guide to Enabling TLS 1.3 on Windows Server 2022

What is TLS 1.3?

TLS 1.3 (Transport Layer Security version 1.3) is the latest version of the TLS protocol, designed to secure data transmitted over networks. It provides significant improvements over its predecessor, TLS 1.2, enhancing both security and performance.

Benefits of TLS 1.3

Stronger Security: Reduces vulnerabilities and provides robust encryption, protecting data from interception and tampering.
Faster Connections: Decreases latency and speeds up secure connections, improving user experience and efficiency.
Simplified Implementation: Streamlined protocol reduces complexity, making it easier to implement and manage.

Enabling TLS 1.3 on Windows Server 2022 involves several steps to ensure that the protocol is activated and correctly configured. Here’s a step-by-step guide to help you through the process:

Ensure that your Windows Server 2022 system is up-to-date with the latest updates and patches. TLS 1.3 is supported natively in Windows Server 2022, so you should have a compatible version.

  1. Press Win + R to open the Run dialog, type in regedit.exe and click OK to open the Registry Editor.

In the Registry Editor, navigate to the following path:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3

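If the Protocols or TLS 1.3 key doesn’t exist, you’ll need to create it. Right-click on SCHANNEL, select New, and then Key, and name the new key Protocols. Then right-click on Protocols, select New, and then Key, and name that key TLS 1.3, so that the result matches the path above.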

Under the TLS 1.3 key, we are going to create a subkey for the Server. Right-click on TLS 1.3, select New, and then Key. Name the key Server.

Next, we need to create DWORD values to enable TLS 1.3. Right-click on Server, select New, and then DWORD (32-bit) Value. Name the new DWORD value Enabled and set its value to 1 (which enables TLS 1.3).

Repeat the process for the Client key. Under the TLS 1.3 key, we are going to create a subkey for the Client. Right-click on TLS 1.3, select New, and then Key. Name the key Client.

Next, we need to create DWORD values to enable TLS 1.3. Right-click on Client, select New, and then DWORD (32-bit) Value. Name the new DWORD value Enabled and set its value to 1 (which enables TLS 1.3).

Close the Registry Editor and restart your Windows Server 2022 to apply the changes.
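The same registry steps can be scripted so they are repeatable and can be checked afterwards. The PowerShell below is an added example, not part of the original guide: it creates the Server and Client keys under the path given above, sets Enabled to 1 in each, and reads the values back. The variable names are illustrative, and it assumes an elevated PowerShell session on the server.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Registry Editor steps in this guide.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'

foreach ($role in 'Server', 'Client') {
    $key = Join-Path $base $role

    # Create the key only if it is missing; -Force also creates any missing
    # parent keys (Protocols, TLS 1.3). The Test-Path guard avoids recreating
    # a key that already holds values.
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Enabled = 1 as a DWORD (32-bit) value, the same value the guide sets by hand.
    New-ItemProperty -LiteralPath $key -Name 'Enabled' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

# Read the values back so the change is verified rather than assumed.
$report = foreach ($role in 'Server', 'Client') {
    $key = Join-Path $base $role
    $val = (Get-ItemProperty -LiteralPath $key -Name 'Enabled' `
            -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{ Role = $role; Enabled = $val; Ok = ($val -eq 1) }
}
$report | Format-Table -AutoSize

if ($report.Ok -contains $false) {
    Write-Error 'Enabled is missing or not 1 for at least one TLS 1.3 role.'
} else {
    Write-Host 'Registry values set. Restart the server to apply the changes.'
}
```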

Let’s verify the changes using IIS Crypto. Download IIS Crypto in the version you prefer. For this example, I will download the GUI version.

Locate the downloaded application and double-click it to run IIS Crypto.

Click the Accept button to accept the License Agreement.

IIS Crypto now shows that TLS 1.3 is enabled.
