I am new to ASP.Net core and I am trying to get a new ASP.NET core app started on my machine (Windows 8.1). I am following the tutorial at https://learn.microsoft.com/en-us/aspnet/core/getting-started/?view=aspnetcore-3.1&tabs=windows (which is about as basic as it gets):
When I run the application and I navigate to https://localhost:5001/ in Chrome, I receive the following error:
This site can’t be reached
The webpage at https://localhost:5001/ might be temporarily down or it may have moved permanently to a new web address.
ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY
This feels like a cert issue to me, so I followed the link under "Trust the development certificate section", and I tried to remove and re-add the old cert via:
dotnet dev-certs https --clean
dotnet dev-certs https --trust
But that didn't help.
I do not see any errors when I run dotnet watch run. This is the output:
watch : Started
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: D:\learn_code\aspnetcoreapp2
I downloaded the new version of .NET yesterday and tried again, so I don't think it's a version issue. I'm using 3.1.402.
Is there something else I can do to get this running? Thanks.
Update:
This Microsoft article has helpful information, but it also states that Windows 8 and 8.1 have TLS 1.2 enabled and on by default: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry
I also tried the recommended registry settings, but that didn't work, and I think this might be targeted at .NET Framework and not necessarily .NET Core (but I'm not 100% sure about that)...
Also, there's a little bit more going on with HTTP2 as well. I found this article, which seems to imply it's the ciphers in combination with HTTP2: https://www.tecklyfe.com/how-to-fix-ns_error_net_inadequate_security-and-err_spdy_inadequate_transport_security-in-iis-on-windows-server-2016/
I tried the Nartac IISCrypto GUI tool (which is MUCH easier than editing registry settings by hand) https://www.nartac.com/Products/IISCrypto/Download, clicking on the Best Practices button and rebooting, but that didn't work.
There was one other recommendation in the tecklyfe article with disabling HTTP2 in Firefox, and that did work. So, I think the answer is probably somewhere in the realm of using the correct cipher.
dotnet run looks like it's launching in Microsoft.Hosting.Lifetime, so maybe I can figure out how to configure that?
According to this Microsoft article https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1#:~:text=Kestrel%20is%20a%20cross%2Dplatform,ASP.NET%20Core%20project%20templates. in the section "HTTP/2 support",
Kestrel has limited support for HTTP/2 on Windows Server 2012 R2 and Windows 8.1. Support is limited because the list of supported TLS cipher suites available on these operating systems is limited. A certificate generated using an Elliptic Curve Digital Signature Algorithm (ECDSA) may be required to secure TLS connections.
In order to run an ASP.Net Core app on Windows 8.1, configure Http1 as the default connection protocol, by adding this configuration to your appsettings.json file:
"Kestrel": {
"EndpointDefaults": {
"Protocols": "Http1"
}
}