How to enable TLS 1.3 on Windows Server

1 Feb 2024, 2 min read

Introduction

Transport Layer Security (TLS) 1.3 represents a significant advancement in the security protocols used for Internet communication. With its introduction in Windows Server 2022 and Windows 11, administrators now have access to advanced security features and improved connection speeds. This guide provides a detailed walkthrough of enabling TLS 1.3 in Windows Server 2022, ensuring your server takes advantage of the latest security technology.

Prerequisites

  • Operating System: Make sure you are using Windows Server 2022 or Windows 11, as these are the versions that support TLS 1.3.
  • Administrator access: You will need administrator privileges to make the required changes.

Here is the step-by-step guide to enabling TLS 1.3 on Windows systems:

Step 1: Check your system for compatibility

  • Check your operating system version: Confirm that your system is running Windows Server 2022 or Windows 11. You can do this via the "System Information" screen.

Step 2: Update Windows Server

  • Windows Update: Access "Windows Update" via Control Panel or Settings app and check for any pending updates, especially those related to security.
  • Install updates: Download and install all available updates to ensure your system is up to date.

Step 3: Enable TLS 1.3

In Windows Server 2022, TLS 1.3 is enabled by default. However, if it has been turned off or you want the setting to be explicit, you can use one of the following methods to enable it:

Using the Registry Editor

Open Registry Editor: Press Win+R, type regedit, and press Enter.

Go to the TLS registry key: Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Add the TLS 1.3 key: Right-click "Protocols", select New > Key and name it TLS 1.3.

Add Server and Client Keys: Within TLS 1.3, create two new keys named Server and Client.

Configure Keys: For each, create a new DWORD (32-bit) value named Enabled with a value of 1 and a DWORD (32-bit) value named DisabledByDefault with a value of 0.

Using PowerShell

  1. Open PowerShell: Run as administrator.
  2. Run configuration script: Run a PowerShell script to modify registry settings to enable TLS 1.3. Example script:

foreach ($role in 'Server', 'Client') {  # same two keys as the Registry Editor method
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\$role"
    New-Item -Path $key -Force | Out-Null  # create the key, including any missing parents
    New-ItemProperty -Path $key -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null
}

Step 4: Configure cipher suites (optional)

  1. Group Policy Editor: Press Win + R, type gpedit.msc and press Enter.
  2. Cipher Suite Settings: Go to Computer Configuration >> Administrative Templates >> Network >> SSL Configuration Settings.
  3. Prioritize TLS 1.3 cipher suites: In the "SSL cipher suite order" setting, ensure that TLS 1.3 cipher suites are prioritized at the top of the list for optimal security.

Step 5: Test and verify

  1. Restart the server: After making changes, restart the server.
  2. Testing TLS 1.3: Use a network protocol analyzer such as Wireshark or an online TLS checker to ensure TLS 1.3 is operational.
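The same check can be scripted: the following is an added example, not part of the original article, that reads back the Step 3 registry values and then attempts a handshake that offers only TLS 1.3. The function names and the host name server01.example.test are hypothetical, and the script assumes .NET Framework 4.8 or later, where the SslProtocols.Tls13 value exists.

```powershell
# Added example (not from the original article); function names are hypothetical.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'

# Report the Step 3 registry values for both roles and whether they match the guide
# (Enabled = 1, DisabledByDefault = 0). A missing key means nothing was set explicitly.
function Get-Tls13RegistryState {
    foreach ($role in 'Server', 'Client') {
        $key   = Join-Path $base $role
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Role              = $role
            KeyPresent        = Test-Path $key
            Enabled           = $props.Enabled
            DisabledByDefault = $props.DisabledByDefault
            MatchesGuide      = ($props.Enabled -eq 1 -and $props.DisabledByDefault -eq 0)
        }
    }
}

# Attempt a handshake that offers TLS 1.3 only. Returns the negotiated protocol,
# or $null if the handshake fails. Certificate validation stays on, so an untrusted
# certificate is also reported as a failure (the warning text shows the cause).
function Test-Tls13Handshake {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $tls13 = [System.Security.Authentication.SslProtocols]::Tls13
        $ssl.AuthenticateAsClient($HostName, $null, $tls13, $false)
        return $ssl.SslProtocol
    } catch {
        Write-Warning "TLS 1.3 handshake with ${HostName}:$Port failed: $($_.Exception.Message)"
        return $null
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Get-Tls13RegistryState | Format-Table -AutoSize
# Hypothetical host name: replace with the server you configured.
Test-Tls13Handshake -HostName 'server01.example.test' -Port 443
```

Run the handshake test from a second machine as well as locally: the local run exercises both the Client and Server settings of the same host, while a remote run confirms what other clients actually negotiate.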

Conclusion

Enabling TLS 1.3 on Windows Server 2022 is a simple process that significantly increases the security and performance of your network. It is critical that administrators keep their systems updated and ensure the latest security protocols are in use. Check regularly for updates and stay informed about new security features and best practices.

Staying up to date and informed about your server's security settings is essential to maintaining a secure and efficient network environment.
