How to Fix ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY in IIS on Windows Server 2016

Question

I'am recently upgraded an IIS web server to Windows Server 2016, and i have this error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITYin Google Chrome.

Answer 1

the solution provided by Ding Peng works for me by updating the regedit
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]

"EnableHttp2Tls"=dword:00000000
"EnableHttp2Cleartext"=dword:00000000

Answer 2

Below is the workaround to disable http2 in windows 2016 server.

1. Run Regedit -> Navigate to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

2. Under the Parameters folder, right-click the white-space, add 2 new DWORD (32-bit) values:

   EnableHttp2Tls

   EnableHttp2Cleartext

   Ensure both new values have been set to 0(disabled)

3. Restart the OS.

Answer 3

This problem is happening because of the HTTP/2. This basically means that the site started a HTTP/2 connection but there was a blacklisted cypher negotiated. SO the browser has prevented the access to the website. So, the usual solution for this is to reorder the cypher suites to meet the requirements of the HTTP/2.

Another solution is to disable HTTP/2 and only use HTTP/1.1. This can be addressed on the server-side by setting the following registry keys and the restarting the host Windows server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp2Tls"=dword:00000000
"EnableHttp2Cleartext"=dword:00000000

Answer 4

@Anand Shukla have the correct solution, worked for me. I had to add additional braces to get it work.

 {
"Kestrel": {
"EndpointDefaults": {
 "Protocols": "Http1"
 } 
 }
 }

Answer 5

You can downgrade kestrel to start with Http1. There seems to be some problem with new versions which starts kestrel on Http2.

"Kestrel": {
"EndpointDefaults": {
  "Protocols": "Http1"
}
}

add above option in appsettings.json for temporary resolution