Ciphers vs IISCrypto?

Duchemin, Dominique 2,006 Reputation points
2022-02-28T02:27:32.36+00:00

Hello,

I am about to replace Microsoft Internet Explorer with Microsoft Edge and I have an issue:
178493-2022-02-28-10-23-13-microsoft-edge-http2.png

This is what I am seeing in IE: (OS: Windows Server 2016)
178249-2022-02-27-17-55-04-vitatt001-ciphers-ie.png

How should I translate it in IISCrypto:

178331-2022-02-27-16-07-06-vrpsccmdp01-iis-crypto-ciphers.png
179032-2022-03-01-13-57-54-vrpsccmdp01-schannel.png
Thanks,
Dom

Windows development | Internet Information Services
Windows for business | Windows Server | Devices and deployment | Configure application groups
Microsoft Edge | Microsoft Edge development

7 answers

  1. MotoX80 36,396 Reputation points
    2022-03-02T00:37:45.713+00:00

    I'm not sure that I can help you but since no one else has replied.... Are those images from the client or the web server? Are both servers configured to support the same protocols/ciphers?

    Have you seen this page?

    https://www.tecklyfe.com/how-to-fix-ns_error_net_inadequate_security-and-err_spdy_inadequate_transport_security-in-iis-on-windows-server-2016/

    1 person found this answer helpful.

  2. Limitless Technology 44,766 Reputation points
    2022-03-07T10:16:42.493+00:00

    Hello @Duchemin, Dominique

    This error ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY is due to a later version of Edge, please run Windows Update and install any pending update.

    Another option would be to disable HTTPS2 in your server with the next registry key:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
    "EnableHttp2Tls"=dword:00000000
    "EnableHttp2Cleartext"=dword:00000000

    Reference: https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis

    Hope this helps with your query,


    1 person found this answer helpful.

  3. Gary Nebbett 6,216 Reputation points
    2022-03-12T11:09:49.363+00:00

    Hello Dom,

    RFC 7450 (Hypertext Transfer Protocol Version 2 (HTTP/2)) section 9.2.2 suggests that if the server only supports TLS 1.2 (and not TLS 1.3) then TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 will need to be negotiated.

    Gary

    1 person found this answer helpful.

  4. Duchemin, Dominique 2,006 Reputation points
    2022-03-01T19:24:47.39+00:00

    Hello,

    I ran nmap:
    Starting Nmap 7.80 ( https://nmap.org ) at 2022-03-01 11:14 Pacific Standard Time
    Nmap scan report for VRPSCCMDP01 (xxx.xxx.xxx.xxx)
    Host is up (0.0020s latency).
    rDNS record for xxx.xxx.xxx.xxx: yyyyyyyy.ad

    PORT STATE SERVICE VERSION
    443/tcp open ssl/https
    |_http-server-header: Microsoft-IIS/10.0
    | ssl-enum-ciphers:
    | TLSv1.0:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
    | compressors:
    | NULL
    | cipher preference: server
    | TLSv1.2:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
    | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
    | compressors:
    | NULL
    | cipher preference: server
    |_ least strength: A

    Which one is missing to allow the web site?

    Thanks,
    Dom


  5. Duchemin, Dominique 2,006 Reputation points
    2022-03-02T00:58:45.257+00:00

    Thanks MotoX80...

    The screenshots are from the Web Server.
    I was trying to test the ciphers one-by-one and after reading your post I think I was changing the Client Ciphers and browsing the web server which does not make sense.... as this web server was never changed!!!

    I will review this.
    Still trying to identify the ciphers needed...

    Thanks for catching this.
    Dom

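Added example, not part of any post in this thread: a Python check of the TLSv1.2 suites from the nmap output above against the criterion the HTTP/2 specification (RFC 7540, section 9.2.2 and Appendix A) gives for its cipher-suite blacklist. The function names and the rule "ephemeral (EC)DHE key exchange plus an AEAD cipher" are assumptions made for this example; the appendix itself is an explicit list.

```python
import re

# Sample input: the TLSv1.2 section of the ssl-enum-ciphers output posted in
# this thread, in the order nmap listed it (server preference order).
NMAP_TLS12 = """\
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
| compressors:
| NULL
| cipher preference: server
"""

AEAD = ("_GCM_", "_CCM", "_CHACHA20_POLY1305")

def http2_acceptable(suite):
    """Assumed rule: ephemeral (EC)DHE key exchange and an AEAD cipher."""
    kx = suite[len("TLS_"):].split("_WITH_")[0]
    return kx.startswith(("ECDHE", "DHE")) and any(tag in suite for tag in AEAD)

def parse_suites(text):
    """Return (suites in listed order, True if the server enforces its order)."""
    suites = re.findall(r"^\|\s+(TLS_\w+)\s+\(", text, flags=re.M)
    return suites, "cipher preference: server" in text

def audit(text):
    suites, server_pref = parse_suites(text)
    ok = [s for s in suites if http2_acceptable(s)]
    # With server preference, any suite listed above the first acceptable one
    # is chosen whenever the client offers it; a client enforcing the
    # blacklist may then fail the HTTP/2 connection with INADEQUATE_SECURITY.
    first_ok = suites.index(ok[0]) if ok else len(suites)
    shadowing = suites[:first_ok] if server_pref else []
    return {"acceptable": ok, "shadowing": shadowing}

if __name__ == "__main__":
    report = audit(NMAP_TLS12)
    print("Acceptable for HTTP/2:", report["acceptable"])
    for s in report["shadowing"]:
        print("Preferred ahead of it:", s)
```

For this output the only acceptable suite is the last one in the server's order, so the result points at cipher ordering rather than a missing cipher.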
