How Do You Enable HTTP/3 on IIS?

How Do You Enable HTTP/3 on IIS?

Problem Description:

The new HTTP/3 protocol is supposed to be faster and more secure than HTTP/2. How do I enable it on Windows Server running IIS websites?

Solution – 1

As of this writing, HTTP/3 is only supported on Windows Server 2022. If you are on any previous version, I’m afraid you are out of luck.

Assuming you are on Windows Server 2022, here is how you enable it.

Step 1: Update the Windows Registry

Copy and paste the following text into a new .reg file. You can call it something like "enable-http-3.reg"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.3Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.3Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesHTTPParameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001

Reg file in Notepad
Once saved, execute it on your Windows Server 2022 by double-clicking it, or by using reg.exe.

Step 2: Enable TLS Cipher

Note: Based on feedback from other users, this step may be optional. However, I needed to enable it on my installation.

Open PowerShell as Administrator to enable the TLS_CHACHA20_POLY1305_SHA256 cipher suite. Execute the following command in PowerShell:
Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
Powershell screenshot

Step 3: Allow UDP Connections on Port 443

HTTP/3 uses QUIC protocol which uses incoming UDP connections on port 443. You’ll need to allow connections if you’re using a firewall. Here is how the rule might look in Windows Firewall:
Firewall rule details 1
Firewall rule details 2

Step 4: Add HTTP/3 Response Headers to IIS

HTTP/3 requires some special response headers within IIS. Select either the website, or the machine within IIS and select "HTTP Response Headers."

Create a new response header with the name alt-svc and the value h3=":443"; ma=86400; persist=1.

IIS showing location of HTTP response headers
Response header editor

That’s it! Now test to make sure HTTP/3 is working in your browser. Many modern browsers li support HTTP/3 so you shouldn’t need any configuration changes. However, one thing to note is that HTTP/3 only works on HTTPS connections, so if you’re loading a website using HTTP, it will not work. Make sure to configure websites in IIS to use HTTPS protocol.
IIS site bindings

You will know when HTTP/3 is working via the browser’s dev tools. Open developer tools, click on the network tab and note the protocol column. Chrome 108.0.5359.94 screenshot:
enter image description here

Firefox 107.0.1 screenshot:
Firefox screenshot

Troubleshooting Tips

  • Reboot Windows 2022 server
  • Make sure the website is loaded via HTTPS! Do you see the lock icon in the browser?
  • Completely close the browser (all tabs) and restart it before loading the website
  • Disable the browser cache via browser developer tools when testing
  • Completely clear the browser cache and reboot the client machine(s).

More resources and references:

Rate this post
We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Accept
Reject