If you get this error (NS_ERROR_NET_INADEQUATE_SECURITY) when visting HTTPS site on Firefox, that means the web server has something wrong with SSL certificate (old ciphers, lower TLS version).
Here is how to fix your Firefox to access that page:
- Open Firefox and type about:config in the address bar
- Click on I accept the risk button
- Type http2 in search box
- Find network.http.spdy.enabled.http2 and double click to make it false (to disable http2).
That’s all. You may need to close Firefox and reopen it.
Hope it helped you. 🙂
Published by —Anand—
Being in Silicon Valley for years, I became a IT Infrastructure Geek by experience and surrounded by other Geeks everywhere. I try to help others by the solutions I found on odd occasions.
View all posts by —Anand—
Published
September 19, 2018
Windows
If you’ve recently upgraded an IIS web server to Windows Server 2016, you may come across a NS_ERROR_NET_INADEQUATE_SECURITY error in Firefox or an ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error in Google Chrome. There are a few reasons for this and the main one is that IIS in Windows Server 2016 turns on HTTP/2 by default and only falls back to the older HTTP/1.1 if the browser doesn’t support HTTP/2. While HTTP/2 is generally a good thing and most recent browser support it, it also has stricter requirements than HTTP/1.1 and the issue with these browser errors is that the Windows Server 2016 is trying to establish an HTTP/2 session with the browser but the server is configured with some weaker SSL Ciphers which aren’t supported by HTTP/2.
At the server level, there are a few options you have to resolve this issue. First, you can disable the weaker cipher suites, which is recommended for security purposes, and leave HTTP/2 enabled. The second option is to disable HTTP/2 in IIS and only use the older HTTP/1.1 standard. We’ll walk you through both options.
Disable Weak Cipher Suites
The easiest way to toggle cipher suites and SSL protocols is by using a utility called IISCrypto which you can download here. When you open IISCrypto, you can use the Best Practices button to automatically disable insecure protocols and weaker cipher suites. You’ll need to reboot to make the changes take effect. If you’re more advanced, you can fine tune these protocols and cipher suites manually using IISCrypto as well.
Disable HTTP/2 in IIS on Windows Server 2016
If you decide to disable HTTP/2 in IIS on Windows Server 2016 and only use HTTP/1.1, you can do so by adding two DWORD registry keys. You can copy the text in the box below into an empty Notepad file and save it as a .reg file. Then double-click the file to import the registry keys and reboot.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
“EnableHttp2Tls”=dword:00000000
“EnableHttp2Cleartext”=dword:00000000
If you decide to enable HTTP/2 at a later time, you can either delete the two registry keys or change their values to 1.
How to Disable HTTP/2 in Firefox
If you’re trying to browse to a website and you’re getting the error NS_ERROR_NET_INADEQUATE_SECURITY in Firefox and you’re not an administrator of the server, you can disable HTTP/2 in Firefox.
- Open Firefox and type about:config in the address bar
- Click on I Accept The Risk
- Search for network.http.spdy.enabled.http2
- Change the value to False
- Restart your browser
It is not giving me an Advanced button or an «I know the risks» button, or any other way to respond. Among the sites that won’t load is mozilla.org.
This is what the window says when I try to visit almost any https site:
Your connection is not secure
The website tried to negotiate an inadequate level of security.
www.mozilla.org uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.
Error code: NS_ERROR_NET_INADEQUATE_SECURITY
I looked at the troubleshooting information, «Important Modified Preferences», but there were no security.* preferences mentioned, or any mention of SSL/TLS.
I tried refreshing again but same result.
Oddly, app.napster.com loads OK (but I can’t get it to play any music).
Using 57.0.1, 64-bit, Fedora 27, Linux kernel 4.14.8.
It is not giving me an Advanced button or an «I know the risks» button, or any other way to respond. Among the sites that won’t load is mozilla.org.
This is what the window says when I try to visit almost any https site:
—————————————————————————
Your connection is not secure
The website tried to negotiate an inadequate level of security.
www.mozilla.org uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.
Error code: NS_ERROR_NET_INADEQUATE_SECURITY
——————————————————————————-
I looked at the troubleshooting information, «Important Modified Preferences», but there were no security.* preferences mentioned, or any mention of SSL/TLS.
I tried refreshing again but same result.
Oddly, app.napster.com loads OK (but I can’t get it to play any music).
Using 57.0.1, 64-bit, Fedora 27, Linux kernel 4.14.8.
Chosen solution
Thanks so much, disabling SPDY indeed got my browser working again. However, I’m still uneasy about two things —
- There is no antivirus, etc. running on this machine
& Why did a refresh trigger this? The default value of the config option you mention is indeed true, so it was true after the refresh. But I'm almost positive I never disabled it before.
Oh well, there are enough real problem to worry about without bothering with conceptual ones!
Bob
Read this answer in context
👍 0
Ошибки ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY (в Google Chrome) и NS_ERROR_NET_INADEQUATE_SECURITY (в Mozilla Firefox) появляются из-за неправильно выставленных настроек протоколов безопасности в браузере. В Chrome для исправления ошибки достаточно отключить SPDY/4 и экспериментальный протокол Experimental QUIC protocol. Реже — требуется сброс других настроек.
Отключение протоколов в Chrome:
- Вбить в адресной строке chrome:flags, нажать Enter.
- Найти в списке Experimental QUIC protocol (если есть) и отключить.
- Найти в списке Enable SPDY/4 и отключить.
- Перезагрузить браузер и попытаться зайти на нужный сайт.
Если не получилось, можно вернуть все настройки Google Chrome к заводским. Для выставления настроек по-умолчанию в адресной строке нужно ввести chrome://settings/resetProfileSettings. Сброс настроек может стереть сохраненные данные в браузере.
И в Chrome, и в Firefox ошибка ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY (Your connection is not secure/Ваше соединение не безопасно) может появляться у пользователей Windows XP. В этой операционной системе, при использовании сильно устаревшего браузера, пользователя может блокировать сам сайт. Это происходит из-за настроек безопасности на хостинге. Самое простое решение — воспользоваться другим браузером или обновить текущий до последней версии.
Опытные пользователи могут попробовать избавиться от ошибки через редактор реестра:
- Открыть Пуск -> Выполнить -> regedit.
- Найти ветку HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Http \Paramaters.
- Добавить два параметра EnableHttp2Cleartext 0 и
EnableHttp2Tls 0 (0 — значение параметра). - Закрыть редактор реестра, перезапустить компьютер, попытаться заново зайти на сайт.
Если сайт нормально работал, а потом стала появляться ошибка, можно попробовать очистить кэш и сбросить настройки сертификатов SSL/TLS, воспользовавшись инструкциями из этой статьи. Если после переименования папки default, находящейся по адресу %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data, ошибка исчезает, то проблема именно в кэше.
Владельцам сайтов важно правильно настраивать сертификаты SSL при переходе с HTTP на HTTP/2 (https). Протокол HTTP/2 не будет работать при неправильно настроенном сертификате SSL, что и является первопричиной появления проблемы (подробнее про настройку SSL можно почитать, например, тут https://intsystem.org/security/pereexal-na-https-vklyuchil-http2/). Пользователю остается лишь отключать протоколы в настройках браузера, чтобы заходить на сайт без появления ошибок.
ns_error_net_inadequate_security is a common error message that web users encounter when their browser deems a website is unsafe to visit. This error message is often accompanied by a warning message stating that the connection is not secure and that sensitive information such as passwords or credit card details could be intercepted by attackers.
The error message can appear on any website, but it is most common on sites that use the HTTPS protocol. When a website uses HTTPS, it encrypts all the information sent between the user’s browser and the web server. This encryption ensures that any personal information is kept secure. However, if the website does not have adequate security measures in place, the browser may trigger the ns_error_net_inadequate_security error message.
What causes ns_error_net_inadequate_security?
There are several reasons why a website may trigger the ns_error_net_inadequate_security error message:
- The website has an expired SSL/TLS certificate.
- The website is using a self-signed certificate, rather than a trusted SSL/TLS certificate.
- The website’s SSL/TLS certificate was issued by a Certificate Authority that the browser doesn’t trust.
- The website is using an outdated version of the SSL/TLS protocol.
These issues can leave a website vulnerable to attacks by hackers trying to intercept sensitive information. As a result, browsers will display the ns_error_net_inadequate_security error message to warn users of the potential danger.
How to fix ns_error_net_inadequate_security?
If you encounter the ns_error_net_inadequate_security error message, you can follow some steps to fix it:
- Check the website’s SSL/TLS certificate. Make sure it is up-to-date and issued by a trusted Certificate Authority.
- Update your browser to the latest version.
- Try accessing the website from a different network. It’s possible that the issue is with your internet connection rather than the website itself.
By taking these steps, you can resolve the ns_error_net_inadequate_security error message and ensure that your personal information is kept safe.
Conclusion
The ns_error_net_inadequate_security error message is an important warning for web users. It informs us that the website we are trying to access does not have adequate security measures in place. By understanding what causes this error message and how to fix it, we can ensure that our personal information is kept safe online.