If you’ve come across the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error on someone’s site and are wondering what it is or, better yet, are experiencing it on your own site and want to know what you can do to fix the issue – you’ve come to the right place.
What Is ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH is a relatively common SSL error that occurs when the web browser fails to establish a secure connection with the website.
The error can occur in any web browser – regardless of whether it’s Firefox, Google Chrome, or Microsoft Edge.
When a website visitor attempts to connect to your website by connecting to the server that hosts your website using SSL/HTTPS – various steps take place to ensure that this connection is established securely:
- A TLS handshake
- Verification of the SSL certificate with the certificate authority (CA)
If any of the steps mentioned above doesn’t happen properly, it can lead to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
So, what could cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error on your site or someone else’s site?
What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error only occurs on websites that use HTTPS encryption and SSL certificates to secure access and information exchange. These websites usually have a lock icon in the URL bar.
Another reason why ERR_SSL_VERSION_OR_CIPHER_MISMATCH error usually happens is due to the use of old web browsers or operating systems.
To break this down even more, let’s break down the name of the error:
- SSL has had multiple versions since its creation
- Cipher is a set of rules, instructions, or algorithms that determines how the secure connection will be established
Therefore, when the error occurs, it’s pretty self-explanatory where is the actual problem — either the SSL version doesn’t match, or the cipher has no way to establish a secure connection between you and the webserver because you’re not using the same cipher.
Other causes that can lead to ERR_SSL_VERSION_OR_CIPHER_MISMATCH error are:
- Server-side issues
- The problem with your SSL certificate
- Certificate name mismatch
- The latest version of TLS is not being used
- Use of RC4 Cipher Suite
- Client-side issues
- Using an old version of the Operating system or web browser
- Use of QUIC Protocol
- Settings of your antivirus software interfere with your browser’s default security settings.
- SSL state not being updated
All the issues, as mentioned earlier, become a cause of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. However, they can be easily fixed, which will be discussed in the next section.
How To Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
Let’s see each one of the causes and what you can do to fix them.
To check if the error is from the server-side, you will need to look at the following things:
Check The SSL certificate
Ensure your SSL certificate is correct and is issued by a trusted CA, which you can check from the free SSL certificate checker, and it takes only a few minutes to scan your website’s SSL/TLS configuration on your web server.
You can use Qualys SSL Labs to check your SSL certificate.
- Go to the website and click on ‘Test your server’.
- In the given field, type your hostname and press enter.
After a few seconds, you can see all the information about your SSL certificate to ensure that everything with the certificate is okay.
If something turns out to be a problem and your SSL certificate is incorrect, we advise switching to an SSL certificate from a trusted CA.
Certificate Name Mismatch
Check if the name in the certificate is incorrect. It’s important to see if the domain name and the name on the certificate are the same. According to SSL labs, other reasons for mismatch are:
- The website uses a content delivery system that doesn’t support SSL.
- The website doesn’t use SSL, though the IP address is shared with a different site.
- The website is unavailable, but the domain still mentions the old IP address, where there is some other website.
One way to check for certificate name mismatch is through Chrome DevTools, which you can do so by:
- Right-click on the website.
- Go to Inspect → Security Tab → View Certificate.
This will show all the required details of the certificate. If the information doesn’t match, then there is an issue with the certificate.
Sometimes, the error will not allow you to let in the Chrome DevTools, further confirming the issue in the certificate.
Use The Latest Version Of TLS
Whether an old or unsupported version of TLS is being used, the hosting service providers will generally use TLS version 1.2 or higher. Regardless, check the TLS version and look at the backward compatibility because some users might be using an old operating system that supports the older version of TLS.
The latest TLS version can be checked by going to the server test results from your SSL labs. Just under the site score, you can see what TLS version your site supports.
Also, it can happen that TLS 1.3 is supported by your server, but it is not enabled. You can find the same by entering ‘chrome://flags’ into the address bar of the Chrome browser. It will show you the Chrome Experimental Page, where enter ‘TLS 1.3’ into the search bar. The search results will show TLS 1.3 hardening for local anchors, where you need to select the enable button in the dropdown menu. Restart your browser and visit the website again.
Verify The RC4 Cipher Suite
RC4 cipher is an old encryption tool that modern browsers don’t support. If your website is still configured for RC4, you will likely face the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error on the latest browsers.
To avoid the error, move your website from RC4 or disable it and add the TLS 1.3 protocol, which you can do so by going to the configuration page of your SSL Labs and checking what is listed under the Cipher Suites. Generally, TLS 1.3 protocol should be listed there instead of RC4. But if RC4 is listed, it will be shown in red that you can disable it under the Protocol details section.
In case your client is using an old web browser or operating system, they are likely to face the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. The error can be avoided by:
Updating Web Browser And Operating System
Old web browsers or operating systems do not support the TLS 1.3 version, and because of that, SSL error occurs. Hence, it’s recommended to use the latest operating system and web browser.
Here we will show you how to update the Chrome browser. The steps will be similar if you’re using a different browser.
To update the Chrome browser:
- Click on the three vertical dots → Help → About Chrome
- The About Chrome page will show you whether you’re using the latest web version or if it needs an update
- If it needs an update, click on the update button. After Chrome gets updated, restart the web browser and visit the website again
Disable QUIC Protocol
The QUIC (Quick UDP Internet Connections) protocol is a popular alternative to HTTP2, TLS/SSL, and other security protocols. It is Google’s experimental project that sends simple data packages via User Datagram Protocol (UDP) without using any connection.
However, using a QUIC protocol can cause ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, which you can avoid by turning it off. You can disable the QUIC protocol by following the given steps:
- In the address bar of the new Chrome Tab, type ‘chrome://flags’, which will take you to the experimental page
- There, enter ‘quic’ in the search bar, which will show you all the searches related to ‘quic’
- On the first few searches, you will find ‘Experimental QUIC Protocol’. Next to it, click on the disable button from the dropdown menu
- Reboot your computer. The changes will be applied, and you can visit the website.
Turning Off Antivirus Software Temporarily
Antivirus software creates a layer between the web and your browser with their certificates, creating issues with the website’s settings. Additionally, they have their SSL/HTTPS protection function that becomes a cause for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Thus, to avoid the issue, you can temporarily turn off your antivirus software.
Disable your antivirus for a few minutes or for an hour, just so you can test this. Once you disabled it, try opening the website where you encountered the issue.
If the problem persists, then your antivirus is not causing the issue. If you are, however, able to open the website without encountering this error, consider disabling the HTTPS scanning feature or selecting a different antivirus program.
Clearing the SSL State of Your Computer.
Sometimes your computer SSL state stores old SSL certificates that aren’t necessary anymore, which can also become a case of ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
You can clear the SSL state in Windows by following the given steps:
- Type in “Internet Properties” in your search bar
- Once you open the Internet Properties or Internet Options box go to the Content tab
- Click “Clear SSL State”
This will clean the old SSL certificates and obtain a new one once you go back to Chrome, visiting websites.
What If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Persists?
Even after checking through all the above-mentioned solutions, if you still face the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, then try:
- Resetting your computer’s date and time.
- Delete all the cookies and cache from your web browser.
- Upgrade your operating system.
- Or, try using a different device.
Sometimes, not having a system up-to-date also contributes to the issue. But upgrading your web browser and resetting your computer’s date/time will fix the error.
Running into SSL errors is without a doubt not enjoyable – especially if it’s for your own site. We hope this guide has helped you get to the bottom of the SSL error you ran into today.
If you have any other questions about the ERR_SSL_VERSION_OR_CIPHER_MISMATCH SSL error and how to fix it – join the conversation & leave a comment below!
Categories: Server Management