Error “ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY” in Google Chrome while accessing locally hosted SPA

江枫思渺然 提交于 2021-01-29 20:19:18

问题


I've a locally hosted SPA. It is using a self signed certificate for HTTPS communication (generated through Server Certificates in windows 10).

It works well with IE11, however when accessed from Google Chrome, shows up error - ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY.

Any clues on what could be done to overcome this?

Troubleshooting done so far: 1. Custom cipher suites order. 2. Disabling HTTP2 through windows registry.


回答1:


To use HTTP/2 you must be using TLSv1.2 and cannot use a number of blacklisted, less secure ciphers. This basically means you must use one of the GCM ciphers like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (though other newer ciphers like TLS_CHACHA20_POLY1305_SHA256 are also support).

If you only have older ciphers configured then Chrome will fallback to HTTP/1.1 or, if that is not available, it will error with that error message.




回答2:


Adding if it helps anyone digging on same thing, for Kestral setting Protocol Version to http1 looks to be the way to overcome this issue, as Cipher suite doesn't looks to be configurable in kestral at least with .Net core 3.1.



来源:https://stackoverflow.com/questions/62000961/error-err-http2-inadequate-transport-security-in-google-chrome-while-accessing

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!