Per the latest HTTP/2 spec, Diffie-Hellman key exchange is required. Currently our server and Chrome are not able to negotiate this.
Chrome advertises other ciphers in its handshake (non-DH as well), and our server selects a non-DH cipher as a result.
Then later, inside the HTTP/2 code, Chrome checks what sec is selected, and if it is not DH or elliptic-curve DH it throws an ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error.
I can restrict ciphers on the server side to DH or ECDH only, but after that Chrome and the server cannot negotiate any suite at all (no_shared_cipher error).
I still haven't found out why this happens; it seems there is some kind of OpenSSL build conflict.
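A diagnostic for the situation described above, added here as an example and not part of the original post: it asks the local OpenSSL build (through Python's `ssl` module) which suites a server cipher string really enables and which of them use DH or ECDH key exchange. The function names and the sample cipher strings are assumptions chosen for illustration.

```python
import ssl

# OpenSSL's labels for (EC)DH-based ephemeral key exchange, as reported in
# the "kea" field of SSLContext.get_ciphers().
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}


def audit_cipher_string(cipher_string):
    """Expand cipher_string with the local OpenSSL build.

    Returns [(suite_name, uses_ephemeral_dh)] for the suites of TLS 1.2 and
    below. An empty list means this build enables nothing for the string, so
    a server configured with it has no such suite to share with a client.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # OpenSSL could not select any suite for this string
    result = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are not governed by the cipher string
        kea = c.get("kea")
        if kea is not None:
            ephemeral = kea in EPHEMERAL_KEA
        else:
            # Fallback for builds that do not report "kea": use the name.
            ephemeral = c["name"].startswith(("ECDHE-", "DHE-"))
        result.append((c["name"], ephemeral))
    return result


def non_dh_suites(cipher_string):
    """Suites the server could still pick that lack DH/ECDH key exchange."""
    return [name for name, eph in audit_cipher_string(cipher_string) if not eph]


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    # Constructed sample strings: a broad one and a DH/ECDH-only one.
    for s in ("HIGH:!aNULL", "ECDHE+AESGCM:DHE+AESGCM"):
        suites = audit_cipher_string(s)
        print(f"{s!r}: {len(suites)} suites, "
              f"{len(non_dh_suites(s))} without DH/ECDH key exchange")
```

Run it with the same OpenSSL build the server links against: an empty result for the restricted string means the build itself has nothing to offer for it.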