How to Fix ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY on Server 2016

I recently moved a .NET 2.0 web site from server 2008 to 2016 and ran into the below issue. This was on a security hardened server where certain ciphers and security protocols are disabled.

This site can’t be reached
The webpage at https://10.0.10.150/login.aspx might be temporarily down or it may have moved permanently to a new web address.
ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

It looks like starting from Win 10 and Server 2016, IIS introduced HTTP/2, which is more strict about the types of ciphers that are used when browsers connect to it. If a browser does not support HTTP/2, it falls back to HTTP/1.1. The server

Disable HTTP/2 at the server level (create both values and set them to 0)

I was tempted to disable HTTP/2 on the server itself but wanted the benefits of the new protocol, and since it's just a cipher issue, it was just a matter of figuring out which ciphers need to be turned on. The below will disable HTTP/2 and enable HTTP/1.1 on the IIS server itself.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp2Tls"=dword:00000000
"EnableHttp2Cleartext"=dword:00000000

Determining which cipher is causing the issue

I captured network traffic with Microsoft Network Monitor while getting the error and it looks like HTTP/2 does not like the below cipher.

I ended up installing IIS Crypto 2 and applied best practice and I was able to browse the site. This time around the below cipher was being used, so looks like HTTP/2 established a successful connection with the below cipher.
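
One way to list candidate suites without a packet capture, as an added example that is not the author's code: it prints the two registry values from the section above, then walks the server's cipher suite priority order and marks each suite against the HTTP/2 requirements in RFC 7540 (section 9.2.2 and Appendix A, which the post does not cite). It assumes the Get-TlsCipherSuite cmdlet from the Windows TLS module; the sample list is constructed and is only used where that cmdlet is missing.

```powershell
# Added example. HTTP/2 (RFC 7540, section 9.2.2 and Appendix A) wants an
# ephemeral key exchange and an AEAD cipher when running over TLS 1.2.
function Test-Http2CipherSuite {
    param([Parameter(Mandatory)][string]$Name)
    if ($Name -match '^TLS_(AES|CHACHA20)_') { return $true }  # TLS 1.3 naming
    $ephemeral = $Name -match '^TLS_(ECDHE|DHE)_'
    $aead      = $Name -match '_(GCM|CCM|CHACHA20_POLY1305)(_|$)'
    return ($ephemeral -and $aead)
}

# State of the two registry values from the section above ("not set" = OS default).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
foreach ($v in 'EnableHttp2Tls', 'EnableHttp2Cleartext') {
    $state = if ($null -ne $p.$v) { $p.$v } else { '(not set)' }
    '{0} = {1}' -f $v, $state
}

# Constructed sample order, used only where Get-TlsCipherSuite is unavailable.
$sample = @(
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
)
$names = @(if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        (Get-TlsCipherSuite).Name
    } else { $sample })

# Walk the server's priority order. Suites ranked above the first acceptable
# one are candidates; the negotiated suite also depends on the client's offer.
$firstOk = $null
$report = for ($i = 0; $i -lt $names.Count; $i++) {
    $ok = Test-Http2CipherSuite -Name $names[$i]
    if ($ok -and $null -eq $firstOk) { $firstOk = $i }
    [pscustomobject]@{
        Priority       = $i + 1
        Name           = $names[$i]
        Http2Ok        = $ok
        AheadOfFirstOk = (-not $ok) -and ($null -eq $firstOk)
    }
}
$report | Format-Table -AutoSize
```

Rows with AheadOfFirstOk set to True are the ones to move down or disable in the cipher suite order rather than turning HTTP/2 off.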

Disabling HTTP/2 in a web browser

You can disable this protocol in your browser and use HTTP/1.1

Chrome
Run it with the below parameter
chrome.exe --disable-http2

Firefox
Type about:config in the address bar
Click on I Accept The Risk
Search for network.http.spdy.enabled.http2
Change the value to False
Restart your browser

