
ASP.NET Core 3.0 security issue with Http2 on Chrome and Firefox


I have a few VS 2019 projects that some colleagues created and that I downloaded and attempted to run. Straight out of the box with no modification, Chrome and Firefox both complain (Edge does not.)

I am running this using Kestrel, by the way.

Chrome:
"This site can’t be reached The webpage at https://localhost:5001/ might be temporarily down or it may have moved permanently to a new web address. ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY"

Firefox:
"Your connection is not secure... blah blah... NS_ERROR_NET_INADEQUATE_SECURITY"

I have used the workaround in appsettings.json:

"Kestrel": {
    "EndpointDefaults": {
      "Protocols": "Http1"
    }
}

However, simply regressing to Http1 isn't a solution; it's just a workaround. I'm also not sure why my colleagues are not experiencing this problem, and I am not. Any ideas would be greatly appreciated.


Solution

  • Check your TLS setup as HTTP/2 blacklists most older, more insecure ciphers as listed in the specification and may not allow the connection to use HTTP/2 if they are used. You should configure your web server to use more modern GCM ciphers like TLS_AES_256_GCM_SHA384.
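To check which suites in a server's configured list would trigger the INADEQUATE_SECURITY errors above, the following added example (not part of the original answer) classifies IANA cipher suite names. It assumes the rule given in the note to RFC 7540 Appendix A, that the prohibited suites are those lacking an ephemeral key exchange or an AEAD cipher, rather than copying the list verbatim; the function names and the sample list are constructed for illustration.

```python
import re

# Assumption: rule from the note in RFC 7540 Appendix A. A TLS 1.2 suite is
# unsuitable for HTTP/2 when its key exchange is not ephemeral or its cipher
# is a null, stream, or block (CBC) cipher instead of an AEAD.
EPHEMERAL_KX = ("DHE", "ECDHE")
AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")
# TLS 1.3 suite names carry no key exchange and no "_WITH_".
TLS13_SUITE = re.compile(r"^TLS_(AES_\d+_(GCM|CCM)(_8)?|CHACHA20_POLY1305)_SHA\d+$")


def http2_verdict(suite):
    """Return (acceptable_for_http2, reason) for an IANA cipher suite name."""
    if TLS13_SUITE.match(suite):
        return True, "TLS 1.3 suite"
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        return False, "not a recognised IANA TLS suite name"
    kx, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    # "DH" and "ECDH" (static or anonymous) are not ephemeral; only DHE/ECDHE are.
    if kx.split("_")[0] not in EPHEMERAL_KX:
        return False, f"key exchange {kx} is not ephemeral"
    if not any(marker in cipher for marker in AEAD_MARKERS):
        return False, f"cipher {cipher} is not an AEAD"
    return True, "ephemeral key exchange with AEAD cipher"


def blocked(suites):
    """Return the suites from a configured list that HTTP/2 clients may reject."""
    return [s for s in suites if not http2_verdict(s)[0]]


# Constructed sample: a server preference list mixing old and modern suites.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for name in SAMPLE:
        ok, why = http2_verdict(name)
        print(f"{'ok     ' if ok else 'BLOCKED'} {name}: {why}")
```

If a blocked suite sits ahead of the acceptable ones in the server's preference order, it can be negotiated first, and the browser then refuses the HTTP/2 connection.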