INADEQUATE_SECURITY - SSL Cipher problems with HTTP2

HTTP2 requires encryption over SSL. The recommended SSL protocol for HTTP2 is TLS 1.2. Ciphers are encryption algorithms used by SSL protocols.

Certain devices specially old ones such as old Android mobile phones or old operating systems like Windows XP, support outdated SSL Ciphers that are not supported by HTTP2 protocol.

The TLS 1.2 Cipher Suite Black List shows the list of all SSL Ciphers that are not supported by the HTTP2 protocol. If a web browser running on an old operating system requests a SSL Cipher that is on the list of unsupported Ciphers, then the HTTP2 implementation of the browser should reject the connection to the server with INADEQUATE_SECURITY error message

To test if the connection between your device and a web server is over a reliable and secure HTTP2 connection, go to https://www.ssllabs.com/index.html and enter the url of the website

See the discussion nginx HTTP/2 support cipher problems on the official Plesk forum for more information

Published 19 Oct 2018

Pak Jiddat provides open source scripts and tutorials related to Web Development and System Administration.