如何在 IIS 上启用 HTTP/3？

Question

The new HTTP/3 protocol is supposed to be faster and more secure than HTTP/2. How do I enable it on Windows Server running IIS websites?

Answer 1

As of this writing, HTTP/3 is only supported on Windows Server 2022. If you are on any previous version, I'm afraid you are out of luck.

Assuming you are on Windows Server 2022, here is how you enable it.

Step 1: Update the Windows Registry

Copy and paste the following text into a new.reg file. You can call it something like "enable-http-3.reg"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001

Once saved, execute it on your Windows Server 2022 by double-clicking it, or by using reg.exe.

Step 2: Enable TLS Cipher

Note: Based on feedback from other users, this step may be optional . However, I needed to enable it on my installation.

Open PowerShell as Administrator to enable the TLS_CHACHA20_POLY1305_SHA256 cipher suite. Execute the following command in PowerShell: Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0

Step 3: Allow UDP Connections on Port 443

HTTP/3 uses QUIC protocol which uses incoming UDP connections on port 443 . You'll need to allow connections if you're using a firewall. Here is how the rule might look in Windows Firewall:

Step 4: Add HTTP/3 Response Headers to IIS

HTTP/3 requires some special response headers within IIS. Select either the website, or the machine within IIS and select "HTTP Response Headers."

Create a new response header with the name alt-svc and the value h3=":443"; ma=86400; persist=1 h3=":443"; ma=86400; persist=1 h3=":443"; ma=86400; persist=1 .

That's it. Now test to make sure HTTP/3 is working in your browser. Many modern browsers li support HTTP/3 so you shouldn't need any configuration changes, However, one thing to note is that HTTP/3 only works on HTTPS connections , so if you're loading a website using HTTP, it will not work. Make sure to configure websites in IIS to use HTTPS protocol.

You will know when HTTP/3 is working via the browser's dev tools. Open developer tools, click on the.network tab and note the protocol column. Chrome 108.0.5359.94 screenshot:

Firefox 107.0.1 screenshot:

Troubleshooting Tips

• Reboot Windows 2022 server
• Make sure the website is loaded via HTTPS? Do you see the lock icon in the browser?
• Completely close the browser (all tabs) and restart it before loading the website
• Disable the browser cache via browser developer tools when testing
• Completely clear the browser cache and reboot the client machine(s).

More resources and references:

• https://4sysops.com/archives/increase-iis-performance-with-http3-in-windows-server-2022/
• https://blog.workinghardinit.work/2021/10/11/iis-and-http-3-quic-tls-1-3-in-windows-server-2022/
• https://techcommunity.microsoft.com/t5.networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880