The ERR SSL VERSION OR CIPHER MISMATCH error could be caused by certain security settings.
A third-party software might also generate this issue, and in this article we’re bringing you some efficient solutions.
Applying changes to the SSL might help you solve the annoying ERR SSL VERSION problem.
Sometimes switching to another browser can be the easy fix you need. See our guide for more
SSL errors are one of the most common problems encountered by internet users. While the error message in a browser might be quite scary for beginners, this problem is actually quite easy to solve. In this article, we will help you to resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message quickly and effectively.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, we understand the state of mind you’re in right now. You’re frustrated, you’re curious, and you’re a bit mad. I totally get it. I too have been there, and it sucks. But working in the web security domain has its perks. I’ve got some brilliant minds around me who can get at the root of such errors and come up with accurate solutions. When we got asked about the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message by our customers, our SSL experts took out their magnifying glasses and found some solutions.
While examining the anatomy of this error, they found that Google’s and Mozilla’s deprecation of RC4 cipher is causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. So, they came up with four possible solutions to get this error out of your systems.
This message is basically the browser’s way to protect you from accessing unsafe websites.
In addition, the website you’re trying to access may also use an old version of a protocol that has some serious security holes which might endanger your device.
Furthermore, it is important to note that ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message only appears when you try to access websites that use SSL and HTTPS encryption to secure the access and information exchange.
The website that uses these encryptions have a lock icon in the URL bar.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message can be caused by various things, ranging from the incompatibility of one or more SSL certificates with the components on your device to the problems with system security settings such as firewalls and antiviruses that are not properly configured.
Another common cause of this error is QUIC (Quick UDP Internet Connections) protocol.
Moreover, other small things such as old cookies and stacked up browser history can also interfere with the security of the connection.
The err_ssl_version_or_cipher_mismatch error usually occurs when there’s a problem with the SSL certificate or encryption modules. There are a few server-side actions you can take to resolve this issue.
Here are some methods to resolve the error
Verify SSL Status of Website
Use a tool like the free Qualys SSL Labs Server Test. The tool examines the state of your certificates and encryption and generates a report.
This is a great place to start since the tool tests several different areas at once. If you have errors, the report highlights the sections that need attention.
Another way to check the SSL certificate status is to navigate to your website and click the padlock in the search bar.
Enable TLS 1.3 Support
TSL (Transport Layer Security) provides a secure connection between your browser and the web server. This layer is the direct successor of the SSL technology.
If this feature is disabled, it might be the reason why your browser rejects the certificates of some websites.
Luckily, most of the modern browsers, such as Google Chrome, are already equipped with TLS 1.3 by default.
However, if you have an older version of Chrome, you need to follow these steps to enable your browser TLS support:
- Open Google Chrome
- Type in chrome://flags in Chrome’s URL bar, then hit enter
- Now search for TLS
- Set the TLS 1.3 support to Enable
Try Clearing the SSL State On Your Computer
Another thing to try is clearing the SSL state in Chrome. Just like clearing your browser’s cache this can sometimes help if things get out of sync. To clear the SSL state in Chrome on Windows, follow these steps:
- Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
- Click Show advanced settings.
- Under Network, click Change proxy settings. The Internet Properties dialog box appears.
- Click the Content tab.
- Click “Clear SSL state”, and then click OK.
- Restart Chrome.
Does your server support the RC4 cipher?
The main reason why your Chrome throws up ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is that of the RC4 cipher. Deprecated a long time ago, the RC4 cipher was deemed insecure. When you run the scan in SSL labs, go to the Cipher Suites section to check RC4 cipher. If your server supports it, disable it ASAP!
If you can’t turn it off, enable other ciphers.
We hope one of these solutions has helped you get rid of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Verify RC4 Cipher Suite
RC4 Cipher is an old and simple tool for encrypting traffic. It has been found to have significant vulnerabilities.
Some organizations still use RC4 for legacy applications, but most modern browsers do not support it. If a website is configured to use RC4, an error may occur.
The best solution is to move the site from RC4 to TLS 1.3 protocols. If you cannot completely disable RC4, add the TLS 1.3 protocol so that modern browsers don’t trigger the err_ssl_version_or_cipher_mismatch error.
Check for Certificate Name Mismatch
In this particular instance, the customer migrating to Kinsta had a certificate name mismatch which was throwing up the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:
The site does not use SSL, but shares an IP address with some other site that does.
The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
The site uses a content delivery network (CDN) that doesn’t support SSL.
The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
Manually Inspect Security Certificate
To manually inspect your SSL Certificate, open the browser, load your webpage, and follow these steps:
In Firefox:
- Right-click anywhere on the page.
- Click View Page Info.
- Select the Security tab.
- Click View Certificate.
In Chrome:
- Right-click anywhere on the page.
- Click Inspect.
- In the Inspection pane near the top, click the arrows >> to reveal more options.
- Click Security.
- Click View Certificate.
In Safari:
- Double-click the padlock icon in the upper-right section.
- In the window that appears, click Show Certificate > Details.
- If the site you are checking is not secure and has no certificate, there will be no option to view the certificate.
Temporary Disable Antivirus
The last thing we recommend trying if you are still seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to ensure you don’t have an antivirus program running. Or try temporarily disabling it. Some antivirus programs create a layer between your browser and the web with their own certificates. This can sometimes cause issues.
Finally, the first thing you need to do while getting an unexpected error message in your browser is to calm down and read the error message carefully.