The Chrome browser reports the following error for websites running on an IIS server on Windows Server 2016:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
In this case, Chrome does not allow the error to be ignored. The problem also occurs with Exchange 2016 servers installed on Windows Server 2016.
The problem lies in old cipher suites and protocols that are still active even with Windows Server 2016. Some of this is really ancient stuff.
There are several ways to solve the problem, but it always boils down to deactivating the old ciphers and protocols in the Windows registry.
The following REG file can be used to fix the problem. This deactivates the old ciphers and after a restart of the server there will be no more problems with Chrome.
Alternatively, the IIS Crypto tool can be used. IIS Crypto makes the same settings in the registry as the REG file above.
The IIS Crypto tool can be downloaded here:
After starting, you can also click on "Best Practice", which also deactivates the old ciphers and protocols:
After deactivating the old ciphers, Chrome also opens the page without any problems:
If you prefer to switch off the old stuff via GPO, you will find it here:
Group policy for deactivating SSL 3.0 and TLS 1.0 (ADM and ADMX)
The following protocols can be switched off via group policy:
- MultiProtocol Unified Hello
- PCT 1.0
- SSL 2.0
- SSL 3.0
In addition, the following ciphers can be deactivated:
- NULL Cipher
- DES 56/56
- RC2 (all)
- RC4 (all)
It is important that the server is also restarted here.