Support TLS 1.3

To support TLS 1.3, both the client and the server must meet the requirements below.

For client

The client app relies on OS for supporting TLS 1.3, therefore, you will need to make sure the client app is running on the following OS:

  • Windows 11

    Supports TLS 1.3 without needing any configuration.

  • Windows Server 2022

    Supports TLS 1.3 without needing any configuration.

The client app running on the other OS (such as Windows 10) does not support TLS 1.3.

Microsoft has listed the OS versions that support TLS in this table.

For server

PowerServer Web APIs can run on various servers and platforms; and different servers and platforms support TLS 1.3 in different ways:

  • Kestrel on Windows Server 2022 and Windows 11

    1) You will need to generate PowerServer C# solution with .NET 6.0 or 8.0 (".NET 8.0" is available for selection if using PowerServer 2022 R3 MR 3391 or later).

    2) You will need to load certificate in Kestrel.

    3) You will need to Starting Kestrel in production environment.

    For Kestrel on the other OS (such as Windows Server 2019), it does not support TLS 1.3.

  • Kestrel on Ubuntu 16.04 or later / RedHat 8.1 or later / CentOS 7

    1) You will need to generate PowerServer C# solution with .NET 6.0 or 8.0 (".NET 8.0" is available for selection if using PowerServer 2022 R3 MR 3391 or later).

    2) You will need to load certificate in Kestrel.

    3) You will need to install the .NET SDK or .NET Runtime (for Ubuntu, for RedHat, for CentOS).

    4) You will need to Starting Kestrel in production environment.

  • IIS on Windows Server 2022 and Windows 11

    1) You will need to load certificate in IIS.

    2) You will need to host the Web APIs in IIS.

    For IIS on the other OS (such as Windows Server 2019), it does not support TLS 1.3.

  • Apache 2.4.36 or later + OpenSSL 1.1.1 or later (on the aforementioned Windows OS or Linux OS)

    Supports TLS 1.3 without needing any configuration; but you will need to configure Apache as a reverse proxy server for the Web APIs.

    OpenSSL is included in Linux by default, but NOT in Windows. You will need to install or verify the required version of OpenSSL is installed.

  • Nginx 1.13.0 or later + OpenSSL 1.1.1 or later (on the aforementioned Windows OS or Linux OS)

    Supports TLS 1.3 without needing any configuration; but you will need to configure Nginx as a reverse proxy server for the Web APIs.

    OpenSSL is included in Linux by default, but NOT in Windows. You will need to install or verify the required version of OpenSSL is installed.

  • Docker Desktop for Windows (Debian GNU/Linux 11)

    Supports TLS 1.3 without needing any configuration.