aspnetcore: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY when clean webapi template

Describe the bug

A clear and concise description of what the bug is.

When https is used chrome and other browsers error out with ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY when the api is accessed.

To Reproduce

Steps to reproduce the behavior:

  1. Create a new webapi application and run it
  2. Visit its url in a browser (with https redirection enabled)
  3. See error

Expected behavior

A clear and concise description of what you expected to happen. The api should be available through https as is through http.

Screenshots

If applicable, add screenshots to help explain your problem. image

Additional context

Generating new https certificates did not help(dotnet dev-certs https --clean and dotnet dev-certs https --trust).

.NET Core SDK (reflecting any global.json): Version: 3.0.100 Commit: 04339c3a26

Runtime Environment: OS Name: Windows OS Version: 10.0.18362 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\3.0.100\

Host (useful for support): Version: 3.0.0 Commit: 7d57652f33

.NET Core SDKs installed: 2.1.4 [C:\Program Files\dotnet\sdk] 2.1.201 [C:\Program Files\dotnet\sdk] 2.1.202 [C:\Program Files\dotnet\sdk] 2.1.302 [C:\Program Files\dotnet\sdk] 2.1.504 [C:\Program Files\dotnet\sdk] 2.1.600-preview-009472 [C:\Program Files\dotnet\sdk] 2.1.600 [C:\Program Files\dotnet\sdk] 2.1.601 [C:\Program Files\dotnet\sdk] 2.1.602 [C:\Program Files\dotnet\sdk] 2.1.700-preview-009597 [C:\Program Files\dotnet\sdk] 2.1.700-preview-009601 [C:\Program Files\dotnet\sdk] 2.1.700-preview-009618 [C:\Program Files\dotnet\sdk] 2.1.700 [C:\Program Files\dotnet\sdk] 2.1.800-preview-009677 [C:\Program Files\dotnet\sdk] 2.1.801 [C:\Program Files\dotnet\sdk] 2.1.802 [C:\Program Files\dotnet\sdk] 3.0.100 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed: Microsoft.AspNetCore.All 2.1.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 2.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.0.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.0.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.0.0-rc1-19456-20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

To install additional .NET Core runtimes or SDKs: https://aka.ms/dotnet-download

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 5
  • Comments: 50 (31 by maintainers)

Most upvoted comments

WOW! What a thread!

I’m doing this in development for an angular app. So if your config look anything like mine all I did to get it working was add the Protocols option.

.ConfigureKestrel((context, options) =>
                {
                    // development options for kestrel
                    if (context.HostingEnvironment.IsDevelopment())
                    {
                        options.Listen(IPAddress.Any, 5000);  // http:localhost:5000
                        options.Listen(IPAddress.Any, 44300, listenOptions =>
                        {
                            listenOptions.Protocols = Microsoft.AspNetCore.Server.Kestrel.Core.HttpProtocols.Http1;   // force http1 during dev.

                            listenOptions.UseHttps(@"S:\WORK\SSL\example.com.pfx", "1234567", httpsOptions =>
                            {
                                httpsOptions.SslProtocols = System.Security.Authentication.SslProtocols.Tls;
                            });
                        });
                    }
                });
+2
simeyla on Oct 15, 2019

To circle back to the original issue. @hristijankiko sent us some great details (including a Wireshark trace that was very helpful). We identified that the server was selecting a cipher suite on the HTTP/2 block-list due to “inadequate security”. It turns out this was a machine-level configuration issue caused by upgrading from earlier Windows versions.

The fix was to manually configure the TLS cipher suites to match the new Windows 10 defaults (see https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v1903). It’s curious that this was necessary even though @hristijankiko was using Windows 10 v1903 but we will check in on this internall.

No further action on the original issue is needed in ASP.NET Core.

Like I say, this is slightly different to the OP as he seems to getting the correct cert and still having this issue

@CodeCoded It’s much better to just post a new issue even if it seems related. Let us handle the process of marking it as a duplicate 😉. Unless you’re very confident it’s the same cause, go ahead and create a new issue, we don’t mind a little duplication and it’s easier for us to keep separate issues separate.

I’m going to close this as the original issue is resolved, please move discussions of other issues to new threads.

+1
analogrelay on Oct 15, 2019

Same problem for me. I’m using Posh-ACME for SSL cert generation - on net core 2.2 everything works well, but on 3.0 the error appears.

+1
f1nzer on Oct 8, 2019

Windows ciphers can only be adjusted in the registry.

Disabling HTTP2 in config is easier. Here’s an example that disables HTTP/1.1. https://github.com/aspnet/AspNetCore/blob/0a26524af0121e9db4ad1f3a6f98e33c3b52cdbd/src/ProjectTemplates/Web.ProjectTemplates/content/GrpcService-CSharp/appsettings.json#L9-L13

+1
Tratcher on Sep 24, 2019
Read more comments on GitHub
← aspnetcore: [Epic]: Support returning values from client invocations
aspnetcore: Error 503. The service is unavailable (blazor server side) →