What do I need to know about TLS 1.3 and ArcGIS Enterprise?

Answer

Note:
This article refers to TLS 1.3 and ArcGIS Enterprise. For information pertaining to TLS 1.2 and ArcGIS, refer to FAQ: What do I need to know about TLS 1.2 and ArcGIS.

ArcGIS Enterprise 10.9.x natively supports TLS 1.3 encryption methods at the GIS tier (everything internal to ArcGIS Enterprise, including ArcGIS Portal, ArcGIS DataStore, and ArcGIS Server). However, there are additional factors to consider before implementing this new standard.

Most organizations use ArcGIS Web Adaptor or a reverse proxy to expose ArcGIS Enterprise on standard HTTP(s) ports. ArcGIS Web Adaptor is available on two platforms: J2EE Server and Microsoft’s Internet Information System (IIS). Customers who leverage J2EE servers as Web Adaptor hosts can implement TLS 1.3. However, currently there is no support for TLS 1.3 for IIS. Microsoft's security documentation indicates that support for TLS 1.3 begins at Windows Server 2022. Refer to Microsoft: Protocols in TLS/SSL (Schannel SSP) for more information.

No additional configuration is required at the GIS tier to enable TLS 1.3 support. Customers using IIS will not benefit from TLS 1.3 until IIS supports it. Customers who leverage J2EE servers as Web Adaptor hosts can benefit from TLS 1.3.

TLS 1.2 is still the primary standard in the industry. There is no official word as to when it will be retired.