First published on MSDN on Sep 22, 2017
A customer recently ran into an issue where their SharePoint 2016 ASP.NET provider-hosted applications, running on Windows Server 2016 and IIS 10, started throwing crypto errors. In Chrome, we saw "The webpage at https://app-[GUID].sharepointaddins.com/siteURL might be temporarily down or it may have moved permanently to a new address. ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY". After some research, reading on my part, and help from the always knowledgeable Dean Cron, we have an explanation. Newer versions of Chrome follow the HTTP/2 (AKA HTTP 2.0) rules, which blacklist some older ciphers. The default IIS 10 settings still let you negotiate those ciphers.
Other problematic scenarios include opening documents in Exchange via Office Web Applications/Office Online Server. Changes can be made on OWA/OOS servers.
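To see which suites in a server's list fall under the HTTP/2 blacklist mentioned above, the following added example (not code from the original post) applies the rule RFC 7540 Appendix A gives for that list: a suite is blacklisted if it lacks an ephemeral key exchange or uses a non-AEAD cipher. The function names and the sample suite order are constructed for illustration.

```python
# Added example: classify TLS cipher suite names against the HTTP/2 rule
# from RFC 7540, Appendix A. Function names and SAMPLE are constructed.

AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")
EPHEMERAL_PREFIXES = ("TLS_DHE_", "TLS_ECDHE_")


def http2_problem(suite):
    """Return why a suite is on the HTTP/2 blacklist, or None if acceptable."""
    name = suite.strip().upper()
    if "_WITH_" not in name:
        # TLS 1.3 style names (e.g. TLS_AES_128_GCM_SHA256) are not blacklisted.
        return None
    cipher = name.split("_WITH_", 1)[1]
    reasons = []
    if not name.startswith(EPHEMERAL_PREFIXES):
        reasons.append("no ephemeral key exchange")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        reasons.append("not an AEAD cipher")
    return ", ".join(reasons) or None


def audit(ordered_suites):
    """Audit a preference-ordered suite list (highest priority first)."""
    flagged, first_ok = [], None
    for pos, suite in enumerate(ordered_suites):
        reason = http2_problem(suite)
        if reason:
            flagged.append((pos, suite, reason))
        elif first_ok is None:
            first_ok = pos
    # Blacklisted suites ranked above the first acceptable one are chosen
    # first whenever the server's own order decides the negotiation.
    ahead = [s for p, s, _ in flagged if first_ok is None or p < first_ok]
    return {"flagged": flagged, "first_ok": first_ok, "ranked_ahead": ahead}


# Constructed sample order, not taken from any real server.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for pos, suite, reason in audit(SAMPLE)["flagged"]:
        print(f"{pos}: {suite} -> {reason}")
```

On Windows Server 2016, the input list can be taken from the `Name` values that `Get-TlsCipherSuite` returns.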