Improve Security with TLS 1.3 on Windows Server 2022

This guide intends to teach you how to Improve Security with TLS 1.3 on Windows Server 2022. TLS 1.3 stands for Transport Layer Security version 1.3. It is the most recent version of the TLS protocol, a standard protocol for securing internet connections. It is also, compared to older versions TLS 1.3 has the following improvements:

  • Enhanced Security
  • Improved Speed
  • Forward Secrecy

Now you can follow the steps below provided by the Orcacore team to Improve Security with TLS 1.3 on Windows Server 2022.

Steps To Enable and Improve Security with TLS 1.3 on Windows Server 2022

As you may know, Windows Server 2022 supports TLS 1.3. You need to log in to your Windows Server as an admin user and follow the steps below.

Also, you need to be sure your system is up to date and doesn’t have any pending updates.

You can enable and improve Security with TLS 1.3 on Windows Server 2022 by using the following methods:

  1. Use Registry Editor
  2. Through PowerShell

Method 1 – Enable TLS 1.3 with Registry Editor on Windows Server 2022

At this point, you can press Win + R and type regedit to open the Registry Editor.

From the Registry Editor, navigate to the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Then, right-click on Protocols, create a new key, and name it TLS 1.3.

Create TLS 1.3 Key From Registry Editor

Next, inside your TLS 1.3 folder, create two new keys named Server and Client.

Server and Client TLS 1.3 keys

Now for each, you need to create a new DWORD (32-bit) Value named Enabled with a value of 1 and a DWORD (32-bit) Value named DisabledByDefault with a value of 0.

TLS 1.3 enabled
TLS 1.3 DisabledByDefault

Method 2 – Enable TLS 1.3 via PowerShell on Windows Server 2022

If you prefer to use PowerShell commands, you can run your PowerShell as an administrator and use the following commands to enable TLS 1.3:

# New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force

# New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord'

# New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord'

Note: You need to do these for the client too.

Test TLS 1.3 is Working Correctly

Once you are done, you need to restart your server to apply the changes.

To test your TLS 1.3, you can use a network protocol analyzer like Wireshark. For this purpose, you can check this guide on Installing Wireshark on Windows Server 2022.

Conclusion

It’s important to note that recent versions of Windows support TLS 1.3, allowing applications and services running on Windows to benefit from the new security enhancements. Hope you enjoy it.

Also, you may like to read the following articles:

Delete Unnecessary Files on Windows 11

Set up FTP Server on Windows Server 2022

Install OpenSSL on Windows Server 2022

FAQs

What is TLS 1.3, and why is it important for security?

TLS 1.3 (Transport Layer Security) is the latest protocol standard for secure communication, offering stronger encryption and faster connections, which enhances both security and performance over previous TLS versions.

How do I check if TLS 1.3 is active on my server?

As described in the guide steps on Improve Security with TLS 1.3 on Windows Server 2022, you can use Windows registry or PowerShell.

What are the benefits of using TLS 1.3 over older protocols?

TLS 1.3 improves security by eliminating outdated encryption algorithms, enhances privacy by encrypting more data in the handshake, and speeds up connections, particularly in HTTPS environments.

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!