Reputation: 107
Error "ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY" in Google Chrome while accessing locally hosted SPA
I've a locally hosted SPA (Kestral/.Net core). It is using a self signed certificate for HTTPS communication (generated through Server Certificates in windows 10).
It works well with IE11, however when accessed from Google Chrome, shows up error - ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY.
Any clues on what could be done to overcome this?
Troubleshooting done so far:
- Custom cipher suites order.
- Disabling HTTP2 through windows registry.
Upvotes: 0
Views: 9405
Answers (2)
Reputation: 107
Adding if it helps anyone digging on same thing, for Kestral setting Protocol Version to http1 looks to be the way to overcome this issue, as Cipher suite doesn't looks to be configurable in kestral at least with .Net core 3.1.
Upvotes: 0
Reputation: 45905
To use HTTP/2 you must be using TLSv1.2 and cannot use a number of blacklisted, less secure ciphers. This basically means you must use one of the GCM ciphers like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (though other newer ciphers like TLS_CHACHA20_POLY1305_SHA256 are also support).
If you only have older ciphers configured then Chrome will fallback to HTTP/1.1 or, if that is not available, it will error with that error message.
Upvotes: 2
Related Questions
- Chrome NET::ERR_CERT_AUTHORITY_INVALID error on self signing certificate at LocalHost
- NET::ERR_CERT_INVALID error at every page
- IIS 10 - Chrome 44 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
- Localhost Invalid Certificate for Chrome 88
- net::ERR_INSECURE_RESPONSE in Chrome
- Always get a Security Error for Internal HTTPS Website
- your connection is not private NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
- Chrome SSL self sign certificate issue
- google chrome https error