Windows OS Hub
  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows 10
    • Windows Server 2025
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
    • Proxmox
  • PowerShell
  • Linux

 Windows OS Hub / Windows Server 2022 / Enable HTTP/3 Support for IIS on Windows Server 2022

December 29, 2022

Enable HTTP/3 Support for IIS on Windows Server 2022

Windows Server 2022 introduces native support for the HTTP/3 protocol which makes the loading of IIS website pages faster and improves security. The most important feature of HTTP/3 is that it is based on QUIC (Quick UDP Internet Connections) transport protocol working over UDP. Users with a slow and unstable Internet connection get the highest profit from HTTP/3. Let’s look at how to enable HTTP/3 support for an Internet Information Service (IIS 10.0.20348+) website running on Windows Server 2022.

To enable HTTP/3 support in IIS, you need to configure some options in Windows:

  1. Enable TLS 1.3 on Windows Server (required for using QUIC and HTTP/3);
  2. Add TLS_CHACHA20_POLY1305_SHA256 cipher suite for TLS connections;
  3. Add an HTTP/3 response code to the HTTP header of your IIS website.

Edit some registry options to enable TLS 1.3 support on Windows Server (in this example, we enable TLS 1.3 client and server support).

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v DisabledByDefault /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v Enabled /t REG_DWORD /d 1 /f

enable tls 1.3 on windows server 2022

Here is an article on how to enable and disable TLS versions using GPO.

Enable HTTP/3 support for IIS:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableHttp3 /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableAltSvc /t REG_DWORD /d 1 /f

Then enable a special TLS cipher using the PowerShell command:

Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0

Make sure that the cipher suite support has been enabled:

(Get-TlsCipherSuite).Name | Select-String CHACHA

PowerShell: Enable Cipher Suite TLS_CHACHA20_POLY1305_SHA256

Then add HTTP/3 to the response header of your website. Create a simple site in IIS (you may use a default website for the test), bind an SSL certificate to the website (you may use a self-signed Windows certificate, but your client must trust it), and bind the website to port 443 (from the Edit Bindings menu).

Note that some additional options (Disable QUIC, Disable TLS 1.3 over TCP, Disable Legacy TLS) have appeared in the website binding form in IIS.

enable HTTP/3 on IIS

Then open the HTTP Response Headers section in the IIS website settings and add the following option to the list of HTTP responses:

  • Name: alt-svc
  • Value: h3=":443"; ma=86400; persist=1

Add HTTP/3 response headers

You can add this HTTP Header option using PowerShell:

Import-Module WebAdministration
$siteName ="Default Web Site"
$headerName="alt-svc"
$headerValue='h3=":443"; ma=86400; persist=1'
Add-WebConfigurationProperty -Filter "system.webServer/httpProtocol/customHeaders" -PSPath IIS:\Sites\$siteName -Name . -AtElement @{name=$headerName}-Value @{name=$headerName;value=$headerValue}

Make sure that QUIC (Port 443/UDP) traffic is allowed in Microsoft Defender Firewall:

Get-NetFirewallRule | ?{ $_.DisplayName -eq "World Wide Web Services (QUIC Traffic-In)" }|select name,enabled, status

World Wide Web Services (QUIC Traffic-In) firewall rule

If the rule is inactive, enable the Windows Defender Firewall rule using PowerShell:

Get-NetFirewallRule IIS-WebServerRole-QUIC-In-UDP|enable-netfirewallrule

Restart Windows Server. After the restart, make sure that the IIS website responds over HTTP/3 (all modern browsers support the HTTP/3 protocol by default).

  1. Open a webpage of your IIS site in a browser (I used built-in Microsoft Edge), enable the Inspect mode, and go to the Network tab;
  2. Add the Protocol column and refresh the page (F5);
  3. Make sure that H3 is specified in the Protocol column. It means that HTTP/3 is used to connect to the website. check if an IIS website has HTTP/3 protocol support
2 comments
5
Facebook Twitter Google + Pinterest
PowerShellWindows Server 2022
previous post
Granting Send As and Send on Behalf Permissions in Exchange Server/Microsoft 365
next post
How to Create a Scheduled Task Using GPO

Related Reading

Fix: Remote Desktop Licensing Mode is not Configured

August 24, 2023

How to Install Remote Server Administration Tools (RSAT)...

March 17, 2024

How to Delete Old User Profiles in Windows

March 15, 2024

Managing Windows Firewall Rules with PowerShell

March 11, 2024

Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)

March 17, 2024

Start Menu or Taskbar Search Not Working in...

April 22, 2025

Configuring SSH Public Key Authentication on Windows

March 15, 2024

Using PowerShell Behind a Proxy Server

March 17, 2024

2 comments

Lynks August 25, 2023 - 8:58 pm

What’s the benefits of http3?

Reply
no January 26, 2024 - 3:25 pm

EnableAltSvc registry key doesnt seem to work, running windows server 2022… the fact MS hides all this behind registry keys is ridiculous. one of the selling points of server 2022 was its support for these protocols yet MS has disabled them by default?!

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • How to Detect Which User Installed or Removed a Program on Windows

    June 23, 2025
  • Encrypt Any Client-Server App Traffic on Windows with Stunnel

    June 12, 2025
  • Failed to Open the Group Policy Object on a Computer

    June 2, 2025
  • Remote Desktop Printing with RD Easy Print Redirection

    June 2, 2025
  • Disable the Lock Screen Widgets in Windows 11

    May 26, 2025
  • Configuring Windows Protected Print Mode (WPP)

    May 19, 2025
  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • How to Delete Old User Profiles in Windows
  • Fix: Remote Desktop Licensing Mode is not Configured
  • Configuring Port Forwarding in Windows
  • How to Install Remote Server Administration Tools (RSAT) on Windows
  • Start Menu or Taskbar Search Not Working in Windows 10/11
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top