Introduction
Are you running into the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?
This error displays in the user’s browser when they try to access a website. It means the browser and the web server could not agree on a protocol version or cipher to secure the connection, usually because what the browser supports differs from the actual configuration on the web server. This guide offers easy solutions.
Solutions For Website Developers
As a developer, you might get a report that a user encountered this error navigating your website. Or, you might see this error pop up in your Apache error logs.
This error usually occurs when there’s a problem with the SSL or encryption modules. There are a few actions you can take on the server side to resolve this issue.
Note: SSL stands for Secure Sockets Layer, the encryption protocol that secures the connection between your browser and the website. Cipher refers to the algorithm used to encrypt and decrypt the information.
Verify SSL Status of Website
Use a tool like the free Qualys Labs SSL Server Test. The tool examines the state of your certificates and encryption and generates a grade and a report.
This is a great place to start since it tests several different areas at once. If you have errors, the report will highlight the areas that need attention.
Check for Certificate Name Not Matching
An SSL Certificate proves that your website is who it claims to be. The website name and the name on the certificate have to match, and the certificate has to come from a trusted provider. There are a few reasons the names might not match, which can generate ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
- The site does not use SSL, but another site with the same IP address does use SSL
- The domain points to an old IP address – the old website doesn’t exist, but a new website has the old IP address
- The site has a CDN (Content Delivery Network) that is not using SSL
- The site has a domain name alias, but that alias isn’t on the certificate
These should be fairly straightforward to resolve, once you understand the source of the problem.
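To see which of the causes above applies, compare every hostname the site answers on with the names listed on the certificate. The following Python sketch is an added example, not part of the original guide; the function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Return the server's certificate as a dict, without hostname checking.

    The chain is still validated against the system trust store; only the
    name check is switched off so a mismatched certificate can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_dns_names(cert):
    """DNS entries from subjectAltName; browsers no longer fall back to the CN."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Match one certificate name; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_site_names(cert, hostnames):
    """Map each hostname to the certificate name that covers it, or None."""
    names = cert_dns_names(cert)
    return {h: next((n for n in names if name_matches(n, h)), None)
            for h in hostnames}

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "shop.example.net"]
    for host, covered in check_site_names(SAMPLE_CERT, hosts).items():
        print(f"{host:20} {covered or 'NOT on certificate'}")
```

Against a live site, pass the result of fetch_cert("your-domain") in place of SAMPLE_CERT and list every alias and CDN hostname the site uses.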
Verify TLS Version
TLS stands for Transport Layer Security and is a security protocol that’s used to encrypt communications between a browser and a website. The current version (at the time this article was written) is TLS 1.3. If your site is running an older version of TLS, it may cause the CIPHER_MISMATCH error.
Most modern browsers are set to use the latest version of TLS (if available on the website). If your server is not configured to use TLS 1.3, consider updating to the latest protocol.
Verify RC4 Cipher Suite
RC4 Cipher is an older, simple tool for encrypting traffic. It has been found to have significant vulnerabilities.
Some organizations still use it for legacy applications, but most modern browsers have removed RC4 support. If a website is configured to use RC4, an error may happen.
The best solution is to move the site off RC4 cipher suites and onto the TLS 1.3 protocol. If you cannot wholly disable RC4, you can enable the TLS 1.3 protocol alongside it so that modern browsers don’t trigger the error.
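To verify the TLS version and cipher support described in the two sections above, you can offer the server one protocol version at a time and record what it negotiates. The following Python sketch is an added example, not part of the original guide; the function names are illustrative, and it assumes Python's default cipher list, which does not offer RC4.

```python
import socket
import ssl

PROBES = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, version, port=443, timeout=5.0):
    """Offer exactly one protocol version; return the negotiated cipher or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # only the protocol/cipher outcome matters here
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = version
    # TCP-level failures (refused, timed out) propagate to the caller.
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()[0]
    except (ssl.SSLError, ConnectionResetError):
        return None                 # handshake refused: nothing in common
    finally:
        raw.close()

def scan(host, port=443):
    """Probe each version in PROBES and return {version name: cipher or None}."""
    return {name: probe(host, ver, port) for name, ver in PROBES.items()}

def diagnose(results):
    """Turn the scan() result into findings a site owner can act on."""
    findings = []
    if not any(results.values()):
        findings.append(
            "no protocol version or cipher in common with a current client: "
            "browsers show ERR_SSL_VERSION_OR_CIPHER_MISMATCH")
    elif results.get("TLSv1.3") is None:
        findings.append("TLS 1.3 is not enabled")
    return findings

if __name__ == "__main__":
    # Constructed result for a server that only accepts TLS 1.2.
    sample = {"TLSv1.2": "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.3": None}
    print(diagnose(sample))
```

A server that accepts only RC4 or only pre-1.2 protocols returns None for both probes, which is the same failure a modern browser reports.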
Manually Inspect Security Certificate
To manually inspect your SSL certificate in Firefox:
- Right-click the webpage
- Click Page Info
- Click the Security tab
- Click View Certificate
In Chrome:
- Right-click the webpage
- Click Inspect
- In the Inspection pane near the top, click the >> button (next to Network), then click Security
- Click View Certificate
In Safari:
- Double-click the padlock icon in the upper-right
- In the window that appears, click Show Certificate > Details
Solutions for End Users
This issue can appear on older operating systems and outdated browsers. Newer security protocols may be incompatible with older browsers and operating systems.
As a workaround, try the following:
- Switch to a non-encrypted version of the website. Check the address bar. If you see a green padlock, and the web address starts with https:// then the website is encrypted. Try entering the web address with http:// to see if it connects. (Note: Don’t send sensitive data, like passwords or credit card numbers, over an unencrypted connection!)
- Try to connect with a different computer. If you have access to a different computer with a newer operating system, you can try to connect from there.
- Update or switch your web browser. Most modern browsers update automatically on restart. If yours is out of date, you can usually click the menu button then Update browser. Or, you can download a different web browser and try the website from there.
- Clear the SSL cache in your browser. The procedure varies by browser. Generally, if you clear the entire cache, it will include the SSL data. On older systems, you can open Internet Properties, go to the Content tab, and click Clear SSL State. On newer browsers, you may need to go to Settings > Advanced to find SSL settings.
- In Firefox 66, click Menu > Options > Privacy & Security to view certificate information.
- In Chrome 73, click Menu > Settings > Advanced > Manage Certificates to view certificate information.
- In Windows 10, you can use the Search bar to search for Internet Options > Content tab > Clear SSL State. (This can be found in the Control Panel on older versions of Windows.)
Conclusion
Like most error messages, the err_ssl_version_or_cipher_mismatch error gives you a clue on where to find the problem.
It mentions SSL, which we know is encryption. This points us towards looking at the security and encryption protocols. Since SSL depends on certificates and encryption, certificates are an excellent place to start. The error also mentions cipher, which also refers to encryption. That suggests that we should look for ciphers and related technology, like public and private cryptography keys. This points us back to encryption and security.
Author
Goran Jevtic
Goran combines his passions for research, writing and technology as a technical writer at phoenixNAP. Working with multiple departments and on a variety of projects, he has developed extraordinary understanding of cloud and virtualization technology trends and best practices.