First published on MSDN on Sep 22, 2017
A customer recently ran into an issue where their SharePoint 2016 ASP.NET provider hosted applications, running on Windows Server 2016, and IIS 10 started throwing crypto errors. In Chrome, we saw "The webpage at https://app-[GUID].sharepointaddins.com/siteURL might be temporarily down or it may have moved permanently to a new address. ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY". After some research, reading on my part, and help from the always knowledgeable Dean Cron , we have an explanation. Newer versions of Chrome follow http/2 AKA HTTP 2.0 rules, which black lists some older ciphers. The default IIS 10 settings still let you negotiate to use those ciphers.
Other problematic scenarios include opening documents in Exchange via Office Web Applications/Office Online Server. Changes can be made on OWA/OOS servers.
Here are two ways to fix this.
This probably isn't a great idea, because you lose all the security enhancements with HTTP/2.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.