Weak HTTP/2-incompatible cipher suite

Symptoms:

HTTP2_INADEQUATE_TRANSPORT_SECURITY error messages occur in Chromium-based browsers (such as Google Chrome and Microsoft Edge).

Possible causes:

HTTP/2 is requested on the client side (the Google Chrome browser usually forces it if it is available), but the allowed Cipher Suites/TLS versions on the server side are not compatible.

Resolution:

Use one of the following methods:

• Disable weak Cipher Suites (by using the IIS Crypto tool, for example).

  OR

• Disable HTTP/2 in IIS on Windows Server 2016:

  1. Open the Registry Editor (in the Windows search box, type regedit) and navigate to the following location:

     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

  2. Right-click the Parameters folder and select New > DWORD (32-bit) Value. Repeat this step so that you have two new empty values in the Parameters folder.

  3. Restart the server.