The last Windows patch seems to have broken the ability of browsers to connect to the application using HTTPS.
The app is ASP.NET Core 3.1 based and uses Kestrel and gRPC (both using port 5001).
Kestrel configuration was changed to restrict it to TLS 1.2 (hoping this would fix the issue):

    bld = Host.CreateDefaultBuilder(args)
        .ConfigureLogging(config => { //added to clear logging providers
            config.ClearProviders();
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseKestrel(options =>
            {
                options.AddServerHeader = false;
                //added by HSF to try and get HTTPS to use TLS1.2
                options.ConfigureHttpsDefaults(s =>
                {
                    s.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
                    s.ServerCertificate = cert;
                    //s.SslProtocols = SslProtocols.Tls12;
                });
                options.Listen(IPAddress.Any, 5000);
                options.Listen(IPAddress.Any, 5001, listenOptions =>
                {
                    listenOptions.UseHttps(cert);
                });
            });
            webBuilder.UseUrls(urls);
            webBuilder.UseStartup<Startup>();
        }).UseWindowsService();
    }

The "cert" is self-signed with the following usages:

    request.CertificateExtensions.Add(
        new X509KeyUsageExtension(
            X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment |
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyAgreement,
            false));

gRPC is also using port 5001.
This all was working previously.
Chrome gives the indication of ERR_SSL_PROTOCOL_ERROR when attempting to connect. I tried Firefox, Brave, Opera, and Edge; all had issues.
Any ideas?