Enabling HTTP/3 support on Windows Server 2022

Published Aug 24 2021 06:00 AM 3,437 Views

Credit and thanks to Matthew Cox and Daniel Ring for implementation work

 

One of the new features Windows Server 2022 brings is native support for hosting HTTP/3 services. In this post, we will discuss how to enable it and how it can benefit web services.

 

HTTP/3 is a major overhaul of HTTP with performance and security in mind. It uses QUIC as a transport (our HTTP server, http.sys, is using msquic) to gain the benefits of eliminated head of line blocking at the transport layer. This is a significant improvement over HTTP/2 which eliminated head of line blocking only at the HTTP layer with streams that allowed a single HTTP/2 connection to replace a set of HTTP/1.1 connections. HTTP/3 also benefits from many lessons learned in HTTP/2, such as simplifying the protocol by removing prioritization.

 

The HTTP/3 standard is nearly complete; its final publication as an RFC is only waiting on formal process at this point. It is already supported by major browsers which means web services are ready to benefit from deploying it.

 

One thing to note before proceeding: these instructions presume there were no changes made to the list of enabled TLS cipher suites on the Windows Server 2022 installation. If this is not the case, consult RFC9001 (“Using TLS to Secure QUIC”) and ensure there are some cipher suites in common between the server and its expected clients. HTTP/3 is built on QUIC which requires TLS 1.3. Turning off TLS 1.3 or disabling TLS 1.3 cipher suites will result in HTTP/3 deployment failures. See “TLS Cipher Suites in Windows Server 2022” to learn how to add cipher suites and which ones are enabled by default.

 

HTTP/3 support is opt-in on Windows Server 2022 via a registry key named “EnableHttp3” with value 1 at “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters”. Running this command from an elevated prompt will create the key:

 

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableHttp3 /t REG_DWORD /d 1 /f

 

Once this key is set, either restart the http.sys service or reboot Windows to apply the setting.

 

It is likely the web service will need to advertise it is available over HTTP/3 as well using “Alt-Svc” headers in HTTP/2 responses (though this can also be done using HTTP/2 ALTSVC frames). This allows clients who connect over HTTP/2 to learn the service’s HTTP/3 endpoint and use that going forward. This is done by sending an HTTP/3 ALPN (“Application-layer Protocol Negotiation”) identifier with HTTP/2 responses advertising a specific version of HTTP/3 to use for future requests. Sending the ALTSVC frame  can be done by http.sys. That can be enabled by setting the “EnableAltSvc” registry key with the command below. To apply the setting, restart http.sys or reboot Windows.

 

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters" /v EnableAltSvc /t REG_DWORD /d 1 /f

 

If all goes well, the service will start serving content over HTTP/3. To ensure this is happening, use Edge to verify the protocol used to serve the web request. Right click on the page, select “Inspect”, then select the “Network” tab. If only “h2” is being used in the “Protocol” column instead of “h3”, try refreshing the page to ensure the ALPN is being honored (the first request will use HTTP/2 which will then advertise HTTP/3 support to Edge for future requests).

17 Comments
Regular Visitor

I tried this on a freshly installed instance, but I got no QUIC response, although I do see TLS 1.3 being used. I added both registry keys and restarted the server. I also cleared the browser cache and reloaded my IIS website multiple times. Any idea, how to troubleshoot this?

 

Also, on another machine I did an in-place update from 2019 auf 2022 and on this server I don't even get a TLS 1.3 connection. The browser is stuck on 1.2. Any idea, why this may happen?

Great post but windows server 2022 is already GA how odd this may sounds it has went silent to GA. 

Senior Member

Great article and jeej for HTTP/3 :)

 

I test with Windows Server 2022 build 20317 (per GA), and I cannot get a HTTP/3 connection. I do however have TLS 1.3. For my test I created and build a vanilla .NET 5.0 Web App (MVC) that I deployed into an application folder in my test website.

 

Of course I created both registry values mentioned and rebooted the server.

What could be wrong? Is it only in the GA version?

@tojens 

 

Update: using Windows Server 2022 build 10.0.20348 didn't change the isuse

Occasional Contributor

Will Windows Server 2022 support HTTP/3+QUIC for RRAS SSTP?

Senior Member

Just did a test to see if IIS10 on  W2K22 with these registry additions servers up pages over QUIC but so far, no joy. Any information, pointers?

Occasional Visitor

I am facing the same problems HenningKrause had faced.

After in-place upgrade form win 2019 to 202 TLS1.3 cannot be activated.  And, furthermore, I cannot bind https if I do not choose "Disable QUIC" setting.

an error is thrown stating "Incorrect function. [Exception from HResult: 0x80070001]. Aforementioned reg settings were applied and server was rebooted to no avail.  

 

cvv.png

 

 


 

Senior Member

@tojens

An update to my issue: it may very well be that my edge firewalls are blocking 443/UDP, I just verified I _do_ have HTTP/3 transport internally in my network. Depending on your configuration, you may also need to open the Windows firewall:

New-NetFirewallRule -DisplayName "Allow QUIC" -Direction Inbound -Protocol UDP -LocalPort 443 -Action Allow -LocalOnlyMapping $true

 Note: this is on build 20348. On build 20317 HTTP/3 still seems to be a no go.

Regular Visitor

I'm also running on build 20348, and while TLS 1.3 is working fine, QUIC is not. And I'm calling my service from the same machine, so the Firewall should not be the issue here.

Senior Member

@HenningKrauseDid you perform an in-place upgrade?

 

I think I have found the issue: TLS 1.3 cipher suite 'TLS_CHACHA20_POLY1305_SHA256' is required for HTTP/3, but not available in Schannel after an in-place upgrade. It's only available if you have installed the GA build directly. Or at least, so it seems.

  1. enable TLS_CHACHA20_POLY1305_SHA256: `Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0`
  2. add registry values for EnableHttp3 and EnableAltSvc
  3. verify 443/UDP traffic is allowed on the server and in your network

This worked for my set up, and I could reproduce the steps.

Regular Visitor

@JanReilink, I did a clean install of Windows. And TLS 1.3 is working. Only QUIC is not.

Occasional Visitor

@JanReilink i ve did an inplace upgrade an updated to build 20384, added the mentioned cipher suite and reg keys. There is no QUIC and TLS 1.3 is still: 

 

el3c_0-1631610092357.png

 

Requested from localhost

 

If i open up google.com, QUIC ist working fine without using CHACHA POLY:

 

el3c_0-1631610703662.png

 

Senior Member

I have a server that was Windows Server 2019, upgraded to pre-views of Windows Server 2022, and now at RTM/GA fully patched. IIS does work over QUIC (both registry settings applied) now but I need to use Firefox or Chrome, no luck with Edge Chromium. QUIC enabled those browsers as found on Cloudflare Cloudflare HTTP/3 docs

I did not have to add any ciphers due to in-place upgrades or so.  Screenshots from the lab are below.

 

UPDATE: While chrome seemed to work it only does it once or so and fails back, so no consistent QUIC on Chrome either.

 

QUICwithIISonW2K22.jpg

Regular Visitor

FireFox indeed uses QUIC. But neither Chrome nor Edge do, although I explicitly enabled QUIC via the flags (edge://flags/#enable-quic or chrome://flags/#enable-quic).

Occasional Visitor

Same here, only FF is working with QUIC and some stange warnings while sniffing the traffic with wireshark:

el3c_0-1631615869378.png

 

Senior Member

I can confirm Firefox uses QUIC / HTTP/3, and in my environment Chrome unfortunately doesn't. Maybe has something to do with the supported QUIC/HTTP3 draft version supported by both Chrome and MsQuic? But strange that everyone has different results with in-place upgrades, browsers, etc.

 

The following images are from the same page (internal, test - hence the self signed cert). Chrome doesn't do HTTP/3, Firefox does

Firefox, HTTP/3Firefox, HTTP/3Chrome, HTTP/2Chrome, HTTP/2

 

Update: I just disabled TLS_CHACHA20_POLY1305_SHA256, rebooted the server, and HTTP/3 is still functioning in Firefox. So guess that's not a requirement.

Occasional Visitor

I have found why TL1.3 was not working on my side.

On my servers (which were upgraded from a previous version to Win 2022) I had used Nartac.com's IISCrypto tool ( a great tool by the way) to configure TLS/cipher/schannel settings. 

Then I had set the template settings on the IIScrypto tool back to "Server Defaults" . Upon reboot TLS1.3 started to work. So if you had used IIScrypto simply revert settings to defaults and then either manually disable early/unwanted TLS/ciphers/hashes or wait for new release from Nartac or use IIS'es new binding feature "Disable Legacy TLS". 

 

arslanchariyev_1-1632127642045.png

arslanchariyev_2-1632127844083.png

 

Occasional Visitor

Wonderful. I'm looking forward to 2022 coming to Azure App Service.

%3CLINGO-SUB%20id%3D%22lingo-sub-2676880%22%20slang%3D%22en-US%22%3EEnabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2676880%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3ECredit%20and%20thanks%20to%20Matthew%20Cox%20and%20Daniel%20Ring%20for%20implementation%20work%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWindows%20Server%202022%20is%20currently%20in%20preview%20as%20%3CA%20href%3D%22https%3A%2F%2Fcloudblogs.microsoft.com%2Fwindowsserver%2F2021%2F03%2F02%2Fannouncing-windows-server-2022-now-in-preview%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eannounced%20earlier%20this%20year%3C%2FA%3E.%20One%20of%20the%20new%20features%20it%20brings%20is%20native%20support%20for%20hosting%20HTTP%2F3%20services.%20In%20this%20post%2C%20we%20will%20discuss%20how%20to%20enable%20it%20and%20how%20it%20can%20benefit%20web%20services.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHTTP%2F3%20is%20a%20major%20overhaul%20of%20HTTP%20with%20performance%20and%20security%20in%20mind.%20It%20uses%20QUIC%20as%20a%20transport%20(our%20HTTP%20server%2C%20http.sys%2C%20is%20using%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2Fmsquic%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Emsquic%3C%2FA%3E)%20to%20gain%20the%20benefits%20of%20eliminated%20head%20of%20line%20blocking%20at%20the%20transport%20layer.%20This%20is%20a%20significant%20improvement%20over%20HTTP%2F2%20which%20eliminated%20head%20of%20line%20blocking%20only%20at%20the%20HTTP%20layer%20with%20streams%20that%20allowed%20a%20single%20HTTP%2F2%20connection%20to%20replace%20a%20set%20of%20HTTP%2F1.1%20connections.%20HTTP%2F3%20also%20benefits%20from%20many%20lessons%20learned%20in%20HTTP%2F2%2C%20such%20as%20simplifying%20the%20protocol%20by%20removing%20prioritization.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20HTTP%2F3%20standard%20is%20nearly%20complete%3B%20its%20%3CA%20href%3D%22https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-quic-http%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Efinal%20publication%3C%2FA%3E%20as%20an%20RFC%20is%20only%20waiting%20on%20formal%20process%20at%20this%20point.%20It%20is%20already%20supported%20by%20major%20browsers%20which%20means%20web%20services%20are%20ready%20to%20benefit%20from%20deploying%20it.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOne%20thing%20to%20note%20before%20proceeding%3A%20these%20instructions%20presume%20there%20were%20no%20changes%20made%20to%20the%20list%20of%20enabled%20TLS%20cipher%20suites%20on%20the%20Windows%20Server%202022%20installation.%20If%20this%20is%20not%20the%20case%2C%20consult%20RFC9001%20(%E2%80%9C%3CA%20href%3D%22https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9001%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EUsing%20TLS%20to%20Secure%20QUIC%3C%2FA%3E%E2%80%9D)%20and%20ensure%20there%20are%20some%20cipher%20suites%20in%20common%20between%20the%20server%20and%20its%20expected%20clients.%20HTTP%2F3%20is%20built%20on%20QUIC%20which%20requires%20TLS%201.3.%20Turning%20off%20TLS%201.3%20or%20disabling%20TLS%201.3%20cipher%20suites%20will%20result%20in%20HTTP%2F3%20deployment%20failures.%20See%20%E2%80%9C%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fwin32%2Fsecauthn%2Ftls-cipher-suites-in-windows-server-2022%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETLS%20Cipher%20Suites%20in%20Windows%20Server%202022%3C%2FA%3E%E2%80%9D%20to%20learn%20how%20to%20add%20cipher%20suites%20and%20which%20ones%20are%20enabled%20by%20default.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHTTP%2F3%20support%20is%20opt-in%20on%20Windows%20Server%202022%20via%20a%20registry%20key%20named%20%E2%80%9CEnableHttp3%E2%80%9D%20with%20value%201%20at%20%E2%80%9CHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5Cservices%5CHTTP%5CParameters%E2%80%9D.%20Running%20this%20command%20from%20an%20elevated%20prompt%20will%20create%20the%20key%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3Ereg%20add%20%22HKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5Cservices%5CHTTP%5CParameters%22%20%2Fv%20EnableHttp3%20%2Ft%20REG_DWORD%20%2Fd%201%20%2Ff%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20this%20key%20is%20set%2C%20either%20restart%20the%20http.sys%20service%20or%20reboot%20Windows%20to%20apply%20the%20setting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20is%20likely%20the%20web%20service%20will%20need%20to%20advertise%20it%20is%20available%20over%20HTTP%2F3%20as%20well%20using%20%E2%80%9CAlt-Svc%E2%80%9D%20headers%20in%20HTTP%2F2%20responses%20(though%20this%20can%20also%20be%20done%20using%20HTTP%2F2%20ALTSVC%20frames).%20This%20allows%20clients%20who%20connect%20over%20HTTP%2F2%20to%20learn%20the%20service%E2%80%99s%20HTTP%2F3%20endpoint%20and%20use%20that%20going%20forward.%20This%20is%20done%20by%20sending%20an%20HTTP%2F3%20ALPN%20(%E2%80%9CApplication-layer%20Protocol%20Negotiation%E2%80%9D)%20identifier%20with%20HTTP%2F2%20responses%20advertising%20a%20specific%20version%20of%20HTTP%2F3%20to%20use%20for%20future%20requests.%20Sending%20the%20ALTSVC%20frame%20%26nbsp%3Bcan%20be%20done%20by%20http.sys.%20That%20can%20be%20enabled%20by%20setting%20the%20%E2%80%9CEnableAltSvc%E2%80%9D%20registry%20key%20with%20the%20command%20below.%20To%20apply%20the%20setting%2C%20restart%20http.sys%20or%20reboot%20Windows.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3E%22HKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5Cservices%5CHTTP%5CParameters%22%20%2Fv%20EnableAltSvc%20%2Ft%20REG_DWORD%20%2Fd%201%20%2Ff%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20all%20goes%20well%2C%20the%20service%20will%20start%20serving%20content%20over%20HTTP%2F3.%20To%20ensure%20this%20is%20happening%2C%20use%20Edge%20to%20verify%20the%20protocol%20used%20to%20serve%20the%20web%20request.%20Right%20click%20on%20the%20page%2C%20select%20%E2%80%9CInspect%E2%80%9D%2C%20then%20select%20the%20%E2%80%9CNetwork%E2%80%9D%20tab.%20If%20only%20%E2%80%9Ch2%E2%80%9D%20is%20being%20used%20in%20the%20%E2%80%9CProtocol%E2%80%9D%20column%20instead%20of%20%E2%80%9Ch3%E2%80%9D%2C%20try%20refreshing%20the%20page%20to%20ensure%20the%20ALPN%20is%20being%20honored%20(the%20first%20request%20will%20use%20HTTP%2F2%20which%20will%20then%20advertise%20HTTP%2F3%20support%20to%20Edge%20for%20future%20requests).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2676880%22%20slang%3D%22en-US%22%3E%3CP%3EInstructions%20for%20enabling%20HTTP%2F3%20for%20your%20Windows%20Server-based%20web%20services%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2676880%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ehttp%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehttp%20sys%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehttp.sys%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehttp3%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWS2022%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2679782%22%20slang%3D%22de-DE%22%3ESubject%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2679782%22%20slang%3D%22de-DE%22%3E%3CP%3EI%20tried%20this%20on%20a%20freshly%20installed%20instance%2C%20but%20I%20got%20no%20QUIC%20response%2C%20although%20I%20do%20see%20TLS%201.3%20being%20used.%20I%20added%20both%20registry%20keys%20and%20restarted%20the%20server.%20I%20also%20cleared%20the%20browser%20cache%20and%20reloaded%20my%20IIS%20website%20multiple%20times.%20Any%20idea%2C%20how%20to%20troubleshoot%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20on%20another%20machine%20I%20did%20an%20in-place%20update%20from%202019%20to%202022%20and%20on%20this%20server%20I%20don't%20even%20get%20a%20TLS%201.3%20connection.%20The%20browser%20is%20stuck%20on%201.2.%20Any%20idea%2C%20why%20this%20may%20happen%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2682812%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2682812%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20post%20but%20windows%20server%202022%20is%20already%20GA%20how%20odd%20this%20may%20sounds%20it%20has%20went%20silent%20to%20GA.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2694775%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2694775%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20article%20and%20jeej%20for%20HTTP%2F3%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20test%20with%20Windows%20Server%202022%20build%2020317%20(per%20GA)%2C%20and%20I%20cannot%20get%20a%20HTTP%2F3%20connection.%20I%20do%20however%20have%20TLS%201.3.%20For%20my%20test%20I%20created%20and%20build%20a%20vanilla%20.NET%205.0%20Web%20App%20(MVC)%20that%20I%20deployed%20into%20an%20application%20folder%20in%20my%20test%20website.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOf%20course%20I%20created%20both%20registry%20values%20mentioned%20and%20rebooted%20the%20server.%3C%2FP%3E%3CP%3EWhat%20could%20be%20wrong%3F%20Is%20it%20only%20in%20the%20GA%20version%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2699223%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2699223%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20Windows%20Server%202022%20support%20HTTP%2F3%2BQUIC%20for%20RRAS%20SSTP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2710434%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2710434%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20did%20a%20test%20to%20see%20if%20IIS10%20on%26nbsp%3B%20W2K22%20with%20these%20registry%20additions%20servers%20up%20pages%20over%20QUIC%20but%20so%20far%2C%20no%20joy.%20Any%20information%2C%20pointers%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2735684%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2735684%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20facing%20the%20same%20problems%20HenningKrause%20had%20faced.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3EAfter%20in-place%20upgrade%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3Eform%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3Ewin%202019%20to%20202%3C%2FSPAN%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3E%20TLS1.3%20cannot%20be%20activated.%26nbsp%3B%20And%2C%20furthermore%2C%20I%20cannot%20bind%20https%20if%20I%20do%20not%20choose%20%22Disable%20QUIC%22%20setting.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22UserName%20lia-user-name%20lia-user-rank-Occasional-Visitor%20lia-component-message-view-widget-author-username%22%3Ean%20error%20is%20thrown%20stating%20%22Incorrect%20function.%20%5BException%20from%20HResult%3A%200x80070001%5D.%20Aforementioned%20reg%20settings%20were%20applied%20and%20server%20was%20rebooted%20to%20no%20avail.%20%26nbsp%3B%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22cvv.png%22%20style%3D%22width%3A%20899px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F309210i204EA87EB81C9FC6%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22cvv.png%22%20alt%3D%22cvv.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22lia-message-author-rank%20lia-component-author-rank%20lia-component-message-view-widget-author-rank%22%3E%3CBR%20%2F%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2746283%22%20slang%3D%22de-DE%22%3ESubject%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2746283%22%20slang%3D%22de-DE%22%3E%3CP%3EI'm%20also%20running%20on%20build%2020348%2C%20and%20while%20TLS%201.3%20is%20working%20fine%2C%20QUIC%20is%20not.%20And%20I'm%20calling%20my%20service%20from%20the%20same%20machine%2C%20so%20the%20Firewall%20should%20not%20be%20the%20issue%20here.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2748089%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2748089%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1136378%22%20target%3D%22_blank%22%3E%40HenningKrause%3C%2FA%3EDid%20you%20perform%20an%20in-place%20upgrade%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20I%20have%20found%20the%20issue%3A%20TLS%201.3%20cipher%20suite%20'TLS_CHACHA20_POLY1305_SHA256'%20is%20required%20for%20HTTP%2F3%2C%20but%20not%20available%20in%20Schannel%20after%20an%20in-place%20upgrade.%20It's%20only%20available%20if%20you%20have%20installed%20the%20GA%20build%20directly.%20Or%20at%20least%2C%20so%20it%20seems.%3C%2FP%3E%3COL%3E%3CLI%3Eenable%20TLS_CHACHA20_POLY1305_SHA256%3A%20%60Enable-TlsCipherSuite%20-Name%20TLS_CHACHA20_POLY1305_SHA256%20-Position%200%60%3C%2FLI%3E%3CLI%3Eadd%20registry%20values%20for%20EnableHttp3%20and%20EnableAltSvc%3C%2FLI%3E%3CLI%3Everify%20443%2FUDP%20traffic%20is%20allowed%20on%20the%20server%20and%20in%20your%20network%3C%2FLI%3E%3C%2FOL%3E%3CP%3EThis%20worked%20for%20my%20set%20up%2C%20and%20I%20could%20reproduce%20the%20steps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2748178%22%20slang%3D%22de-DE%22%3ESubject%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2748178%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1004516%22%20target%3D%22_blank%22%3E%40JanReilink%3C%2FA%3E%2C%20I%20did%20a%20clean%20install%20of%20Windows.%20And%20TLS%201.3%20is%20working.%20Only%20QUIC%20is%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2748375%22%20slang%3D%22en-US%22%3ERe%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2748375%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1004516%22%20target%3D%22_blank%22%3E%40JanReilink%3C%2FA%3E%26nbsp%3Bi%20ve%20did%20an%20inplace%20upgrade%20an%20updated%20to%20build%2020384%2C%20added%20the%20mentioned%20cipher%20suite%20and%20reg%20keys.%20There%20is%20no%20QUIC%20and%20TLS%201.3%20is%20still%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22el3c_0-1631610092357.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F310238i7743F8E015F61887%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22el3c_0-1631610092357.png%22%20alt%3D%22el3c_0-1631610092357.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERequested%20from%20localhost%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20i%20open%20up%20google.com%2C%20QUIC%20ist%20working%20fine%20without%20using%20CHACHA%20POLY%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22el3c_0-1631610703662.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F310239i539313CC01F437C1%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22el3c_0-1631610703662.png%22%20alt%3D%22el3c_0-1631610703662.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2748622%22%20slang%3D%22en-US%22%3EBetreff%3A%20Enabling%20HTTP%2F3%20support%20on%20Windows%20Server%202022%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2748622%22%20slang%3D%22en-US%22%3E%3CP%3EFireFox%20indeed%20uses%20QUIC.%20But%20neither%20Chrome%20nor%20Edge%20do%2C%20although%20I%20explicitly%20enabled%20QUIC%20via%20the%20flags%20(%3CSPAN%3Eedge%3A%2F%2Fflags%2F%23enable-quic%20or%26nbsp%3Bchrome%3A%2F%2Fflags%2F%23enable-quic).%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Version history
Last update:
‎Aug 26 2021 08:40 AM
Updated by: