How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Introduction

The error ERR_SSL_VERSION_OR_CIPHER_MISMATCH occurs when a user’s browser cannot establish a secure connection with a web server that uses HTTPS and SSL. The issue may lie in the server configuration or locally on a user’s computer.

Follow the easy solutions  in this guide to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Guide on how to fix err_ssl_version_or_cipher_mismatch.

Solutions for Website Developers

As a developer or a webmaster, you might get a report that a user encountered this error when trying to access your website. The error may also appear in your Apache error logs.

The err_ssl_version_or_cipher_mismatch error usually occurs when there’s a problem with the SSL certificate or encryption modules. There are a few server-side actions you can take to resolve this issue.

Note: SSL stands for Secure Socket Layer, which refers to encryption security in your browser. Cipher refers to the code used to encrypt and decrypt the information.

Verify SSL Status of Website

Use a tool like the free Qualys SSL Labs Server Test. The tool examines the state of your certificates and encryption and generates a report.

This is a great place to start since the tool tests several different areas at once. If you have errors, the report highlights the sections that need attention.

Another way to check the SSL certificate status is to navigate to your website and click the padlock in the search bar.

On Google Chrome, it looks like this:

Verifying status of SSL certificate in Chrome to see if it is the cause of ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

This method should be used only for a quick reference. We recommend using a dedicated tool, such as the Qualys SSL Labs tool we mentioned.

Check for Certificate Name Not Matching

An SSL certificate proves that your website is who it claims to be. The website name and the name on the certificate must match. Additionally, the certificate must come from a trusted provider.

There are a few reasons the names might not match, which can generate the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

  • When the domain does not use SSL, but another domain with the same IP address uses SSL.
  • The domain points to an old IP address it no longer uses. The old website doesn’t exist, but another website has the first domain’s old IP address.
  • The site uses a CDN (Content Delivery Network) that does not support SSL.
  • The site has a domain name alias that is not in the certificate.

Once you determine the source of the problem, you can resolve the issue easily.

Verify TLS Version

TLS stands for Transport Layer Security and is a security protocol that’s used to encrypt communications between websites. The current version (at the time this article was written) is TLS 1.3. If your site is running an older version of TLS, it may cause the CIPHER_MISMATCH error.

Most modern browsers are set to use the latest version of TLS (if available on the website). If your server is not configured to use TLS 1.3, consider updating to the latest protocol.

Verify RC4 Cipher Suite

RC4 Cipher is an old and simple tool for encrypting traffic. It has been found to have significant vulnerabilities.

Some organizations still use RC4 for legacy applications, but most modern browsers do not support it. If a website is configured to use RC4, an error may occur.

The best solution is to move the site from RC4 to TLS 1.3 protocols. If you cannot completely disable RC4, add the TLS 1.3 protocol so that modern browsers don’t trigger the err_ssl_version_or_cipher_mismatch error.

Manually Inspect Security Certificate

To manually inspect your SSL Certificate, open the browser, load your webpage, and follow these steps:

In Firefox:

  • Right-click anywhere on the page.
  • Click View Page Info.
  • Select the Security tab.
  • Click View Certificate.

In Chrome:

  • Right-click anywhere on the page.
  • Click Inspect.
  • In the Inspection pane near the top, click the arrows >> to reveal more options.
  • Click Security.
  • Click View Certificate.

In Safari:

  • Double-click the padlock icon in the upper-right section.
  • In the window that appears, click Show Certificate > Details.

If the site you are checking is not secure and has no certificate, there will be no option to view the certificate.

Solutions for End Users

The err_ssl_version_or_cipher_mismatch error can appear due to a client-side issue. The reason can be an older version of operating systems or an outdated browser. Current versions of TLS protocols are incompatible with old browsers and operating systems.

To bypass the mismatch error, try the solutions we list below.

Connect with a Different Computer

The easiest method to check if only your computer has the issue loading a website is to try using a different computer. The safest bet is to try from a machine with a recent version of an operating system.

If you can load the website without getting the error, you can proceed with troubleshooting using the suggestions in this guide.

Delete Cache and Cookies on Your Browser

Clearing your browser’s cache and cookies can help with SSL certificate issues. Depending on the browser and the version you are using, the steps to find the section for clearing cache may be different.

The CTRL+SHIFT+DELETE hotkey combination works for most browsers. When the pop up for clearing history or cache appears, change the timeframe to All or Everything. If you check all the options, you will lose saved logins and all history, so you can uncheck those options if you want to.

Enable TLS 1.3 Version on Old Browsers

Recent versions of web browsers use TLS 1.3 by default. If you did not update your browser or do not want to, you can check the TLS version and enable 1.3.

In Firefox:

Open a new tab and type about:config in the address bar. Click the button to accept the risk and then type security.tls in the search bar.

Look for the security.tls.version.max option towards the bottom of the list. Set the value to 4 if it is not already set.

Checking TLS security settings in Firefox to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

In Chrome:

Open a new tab and type chrome://flags in the address bar. Search for TLS using the search bar at the top. The results will include the TLS 1.3 downgrade hardening options.

Disable QUIC Protocol

Chrome has many security settings, and “Experimental QUIC Protocol” can be the cause of the err_ssl_version_or_cipher_mismatch error.

To disable the QUIC protocol in Chrome:

In the address bar type in chrome://flags. In the search bar at the top, enter QUIC. The search results should list “Experimental QUIC protocol.”

Change from Default to Disabled, restart Chrome, and try loading the website again.

Chrome QUIC Protocol settings change to disabled.

Clear the SSL State on your Computer.

To clear the SSL state on your computer, go directly to the “Internet Properties” section. The quickest way in Windows 10 is to search for “Internet Properties” or “Internet Options” from the Start menu.

Checking Internet Options using the Start menu for solution to the error with SSL.

Navigate to the Content tab and click Clear SSL state.

Clearing the SSL state to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

The pop-up message “The SSL cache was successfully cleared” appears.

Some older versions of Chrome allow you to access Internet Properties and clear SSL state from the advanced settings menu.

Update or Change your Web Browser

Most modern browsers update automatically on restart. If your browser did not update automatically, you could manually update it.

To check the version on most popular browsers, navigate to the Help and About section.

Updating Firefox through About section in order to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

In most cases, you can manually update the browser from here. Once the update completes, try loading the website again.

Conclusion

This guide listed the most common solutions for the err_ssl_version_or_cipher_mismatch error. The causes may be on the server side or the client side.

By following the steps listed in this guide, you should be able to find the cause of the error and fix it.

Was this article helpful?
YesNo
Goran Jevtic
Goran combines his leadership skills and passion for research, writing, and technology as a Technical Writing Team Lead at phoenixNAP. Working with multiple departments and on various projects, he has developed an extraordinary understanding of cloud and virtualization technology trends and best practices.
Next you should read
Bare Metal Servers Security
21 Server Security Tips to Secure Your Server
April 20, 2019
Hackers are always on the lookout for server vulnerabilities. Minimize risks and be confident your data is...
Read more
Networking Web Servers
What is a Domain Name System (DNS) & How Does it Work?
January 22, 2019
Domain Name System (DNS) first emerged in the early 1980s. It represents a system of interconnected servers...
Read more
Networking SysAdmin
How to Flush DNS Cache Locally in Windows, macOS, & Linux
January 8, 2019
DNS cache can be corrupted for a number of different reasons, including network attacks or viruses. When that...
Read more
Security
OpenSSL Tutorial: How Do SSL Certificates, Private Keys, & CSRs Work?
September 11, 2018
Initially developed by Netscape in 1994 to support the internet's e-commerce capabilities, Secure Socket...
Read more
    • © 2021 Copyright phoenixNAP | Global IT Services. All Rights Reserved.