Firefox 48.0.2 NS_ERROR_NET_INADEQUATE_SECURITY with HTTP2
Hi, since enabling HTTP2 on our server I'm getting the following error message when opening the http address, which 301 redirects to https :
Your connection is not secure
The website tried to negotiate an inadequate level of security.
biobanking.org uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.
Error code: NS_ERROR_NET_INADEQUATE_SECURITY
Server: Apache/2.4.23 (Win64) OpenSSL/1.0.2h PHP/7.0.8
SSL Config: SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLHonorCipherOrder on SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin SSLSessionCacheTimeout 300
In VirtualHost config: - Protocols h2 http/1.1
When I refresh the https address it shows me the same message once, after the next refresh the site is showing up correctly.
Hope you can look into it
Additional System Details
- ActiveTouch General Plugin Container Version 105
- Adobe PDF Plug-In For Firefox and Netscape 11.0.10
- Adobe PDF Plug-In For Firefox and Netscape 11.0.17
- A plugin to detect whether the Adobe Application Manager is installed on this machine.
- Citrix Online App Detector Plugin
- Google Update
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Next Generation Java Plug-in 11.40.2 for Mozilla browsers
- Office Authorization plug-in for NPAPI browsers
- The plug-in allows you to open and edit files using Microsoft Office applications
- Shockwave Flash 23.0 r0
- VLC media player Web Plugin
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Oops, should've read the documentation better. Apparently I didn't choose the right SSLCipherSuite. I went with the one listed here: https://icing.github.io/mod_h2/howto.html to solve my problem