What do I need to know about TLS 1.3 and ArcGIS Enterprise?

Note:
This article refers to TLS 1.3 and ArcGIS Enterprise. For information pertaining to TLS 1.2 and ArcGIS, refer to FAQ: What do I need to know about TLS 1.2 and ArcGIS.

ArcGIS Enterprise 10.9.x and 11.x natively support TLS 1.3 encryption methods at the GIS tier (everything internal to ArcGIS Enterprise, including ArcGIS Portal, ArcGIS DataStore, and ArcGIS Server). However, there are additional factors to consider before implementing this new standard.

Most organizations use ArcGIS Web Adaptor or a reverse proxy to expose ArcGIS Enterprise on standard HTTP(s) ports. ArcGIS Web Adaptor is available on two platforms: J2EE Server and Microsoft’s Internet Information System (IIS). Customers who leverage J2EE servers as Web Adaptor hosts can implement TLS 1.3. Microsoft's security documentation indicates that support for TLS 1.3 begins at Windows Server 2022. Refer to Microsoft: Protocols in TLS/SSL (Schannel SSP) for more information.

No additional configuration is required at the GIS tier to enable TLS 1.3 support. Customers using IIS will not benefit from TLS 1.3 at versions of Windows prior to Windows Server 2022 and Windows 11. 

TLS 1.2 is still the primary standard in the industry. There is no official word as to when it will be retired.