How Do You Enable HTTP/3 on IIS?
The new HTTP/3 protocol is supposed to be faster and more secure than HTTP/2. How do I enable it on Windows Server running IIS websites?
As of this writing, HTTP/3 is only supported on Windows Server 2022. If you are on any previous version, I'm afraid you are out of luck.
Assuming you are on Windows Server 2022, here is how you enable it.
Step 1: Update the Windows Registry
Copy and paste the following text into a new .reg file. You can call it something like "enable-http-3.reg"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001
Once saved, execute it on your Windows Server 2022 by double-clicking it, or by using reg.exe.
Step 2: Enable TLS Cipher
Note: Based on feedback from other users, this step may be optional. However, I needed to enable it on my installation.
Open PowerShell as Administrator to enable the TLS_CHACHA20_POLY1305_SHA256 cipher suite. Execute the following command in PowerShell:
Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
Step 3: Allow UDP Connections on Port 443
HTTP/3 uses QUIC protocol which uses incoming UDP connections on port 443. You'll need to allow connections if you're using a firewall. Here is how the rule might look in Windows Firewall:
Step 4: Add HTTP/3 Response Headers to IIS
HTTP/3 requires some special response headers within IIS. Select either the website, or the machine within IIS and select "HTTP Response Headers."
Create a new response header with the name alt-svc and the value h3=":443"; ma=86400; persist=1.
That's it! Now test to make sure HTTP/3 is working in your browser. Many modern browsers li support HTTP/3 so you shouldn't need any configuration changes. However, one thing to note is that HTTP/3 only works on HTTPS connections, so if you're loading a website using HTTP, it will not work. Make sure to configure websites in IIS to use HTTPS protocol.
You will know when HTTP/3 is working via the browser's dev tools. Open developer tools, click on the network tab and note the protocol column. Chrome 108.0.5359.94 screenshot:
Firefox 107.0.1 screenshot:
Troubleshooting Tips
- Reboot Windows 2022 server
- Make sure the website is loaded via HTTPS! Do you see the lock icon in the browser?
- Completely close the browser (all tabs) and restart it before loading the website
- Disable the browser cache via browser developer tools when testing
- Completely clear the browser cache and reboot the client machine(s).
More resources and references:
- https://4sysops.com/archives/increase-iis-performance-with-http3-in-windows-server-2022/
- https://blog.workinghardinit.work/2021/10/11/iis-and-http-3-quic-tls-1-3-in-windows-server-2022/
- https://techcommunity.microsoft.com/t5/networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880
- Blazor "No element is currently associated with component {n}" error, but only in production
- Certificate Rebind in IIS 10 using powershell
- IIS server error .Server Error in '/' Application
- Unexpected System.BadImageFormatException: Index not found That is Fixed with Restart
- ASP.NET Core 8 Minimal API throws 404 on deploy in IIS
- Published on webserver core8 api works from POSTMAN and from weserver published frontend but ERR_CONNECTION_RESET from client browser
- Why is my local website not working in IIS
- Unable to launch IIS Express Web Server - Failed to Register URL - Cannot create a file when that file already exists | VS Community 2017
- The session cookie cannot be unprotected when ASP.NET Core 8.0 Web App runs on IIS
- what alternatives are there to using global.asax?
- How to Access Files in ASP.NET Web Forms Application via Virtual Directory on Network Location?
- ASP.NET Core app running on IIS gives Http Error 401.2-Unauthorize
- Cannot connect to SQL SERVER from ASP.NET Web Method
- .NET framework Session State
- IIS - Url Rewrite and subfolers
- ERROR: "The project doesn't know how to run the profile IIS Express" (VS 2019, 16.11.7)
- What is modern way to hosting `node.js` applications on Windows 10 and Windows Server 2012 and newer?
- Python Flask UnderIIS - Docx to Pdf
- How to Host Web API and MVC application on Same Address
- How to solve the HTTP Error 403.14 - Forbidden in Asp.Net Core API?
- [COMException (0x800a141f): Word was unable to read this document. It may be corrupt
- IIS & ASP.NET blocking file
- ASP.NET Core 8.0 MVC web app & IIS 10 - how to include the user name in the IIS log when the cookie authentication is used?
- JSON file create issue on IIS production server
- URL Rewrite rule to redirect http: to https: is not working - IIS 10 - Asp.Net Framework 4.8 - web forms - aspx
- How to host React.js and Node.js app in windows IIS?
- Minimum ASP.NET Core app to redirect to new domain
- HttpClient using PFX transport certificate to stablish connection to third part application
- .Net Framework: exception in w3wp.exe
- docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind: