How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Are you running into the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

This error displays in the user’s browser when they try to access a website. It means that there’s a difference in the security information that was provided and the actual configuration on the web server. This guide offers easy solutions.

As a developer, you might get a report that a user encountered this error navigating your website. Or, you might see this error pop up in your Apache error logs.

This error usually occurs when there’s a problem with the SSL or encryption modules. There are a few actions you can take on the server side to resolve this issue.

Use a tool like the free Qualys Labs SSL Server Test. The tool examines the state of your certificates and encryption and generates a grade and a report.

This is a great place to start since it tests several different areas at once. If you have errors, the report will highlight the areas that need attention.

An SSL Certificate proves that your website is who it claims to be. The website name and the name on the certificate have to match, and the certificate has to come from a trusted provider. There are a few reasons the names might not match, which can generate ERR_SSL_VERSION:

• The site does not use SSL, but another site with the same IP address does use SSL
• The domain points to an old IP address – the old website doesn’t exist, but a new website has the old IP address
• The site has a CDN (Content Delivery Network) that is not using SSL
• The site has a domain name alias, but that alias isn’t on the certificate

These should be fairly straightforward to resolve, once you understand the source of the problem.

TLS stands for Transport Layer Security and is a security protocol that’s used to encrypt communications between websites. The current version (at the time this article was written) is TLS 1.3. If your site is running an older version of TLS, it may cause the CIPHER_MISMATCH error

Most modern browsers are set to use the latest version of TLS (if available on the website). If your server is not configured to use TLS 1.3, consider updating to the latest protocol.

RC4 Cipher is an older, simple tool for encrypting traffic. It has been found to have significant vulnerabilities.

Some organizations still use it for legacy applications, but most modern browsers have removed RC4 support. If a website is configured to use RC4, an error may happen.

The best solution is to transition the site from RC4 to TLS 1.3 protocols. If you cannot wholly disable RC4, you can add the TLS 1.3 protocol so that modern browsers don’t trigger the error.

To manually inspect your SSL Certificate In Firefox:

• Right-click the webpage
• Click Page Info
• Click the Security tab
• Click View Certificate

In Chrome:

• Right-click the webpage
• Click Inspect
• In the Inspection pane near the top, click the >> button (next to Network), then click Security
• Click View Certificate

In Safari:

• Double-click the padlock icon in the upper-right
• In the window that appears, click Show Certificate > Details

This issue can appear on older operating systems and outdated browsers. Newer security protocols may be incompatible with older browsers and operating systems.

As a workaround, try the following:

1. Switch to a non-encrypted version of the website. Check the address bar. If you see a green padlock, and the web address starts with https:// then the website is encrypted. Try entering the web address with http:// to see if it connects. (Note: Don’t send sensitive data, like passwords or credit card numbers, over an unencrypted connection!)
2. Try to connect with a different computer. If you have access to a different computer with a newer operating system, you can try to connect from there.
3. Update or switch your web browser. Most modern browsers update automatically on restart. If yours is out of date, you can usually click the menu button then Update browser. Or, you can download a different web browser and try the website from there.
4. Clear the SSL cache in your browser. The procedure varies by browser. Generally, if you clear the entire cache, it will include the SSL data. On older systems, you can open Internet Properties, go to the Content tab, and click Clear SSL State. On newer browsers, you may need to go to Settings > Advanced to find SSL settings.

• • In Firefox 66, click Menu > Options > Privacy & Security to view certificate information.
  • In Chrome 73, click Menu > Settings > Advanced > Manage Certificates to view certificate information. ‘
  • In Windows 10, you can use the Search bar to search for Internet Options > Content tab > Clear SSL State. (This can be found in the Control Panel on older versions of Windows.)

Like most error messages, the err_ssl_version_or_cipher_mismatch error gives you a clue on where to find the problem.

It mentions SSL, which we know is encryption. This points us towards looking at the security and encryption protocols. Since SSL depends on certificates, encryption, and certificates are an excellent place to start. The error also mentions cipher, which also refers to encryption. That suggests that we should look for ciphers and related technology, like public and private cryptography keys. This points us back to encryption and security.