If you are someone who knows a little about websites and hosting, you may know how important it is to keep your website’s connections on the internet encrypted and how SSL certificates play an important role in it.
But sometimes, SSL certificates may also become the root cause of many errors such as err_ssl_protocol_error, ERR_SSL_VERSION_OR_CIPHER_MISMATCH, etc. These errors might seem frustrating but, in reality, are pretty easy to resolve.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error often occurs due to the version of the SSL certificates. So let us get into this guide which will tell you how to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. With every problem comes to a solution, and here we offer six of them.
What Is the ERR_SSL_VERSION OR CIPHER_MISMATCH Error?
Staying safe while surfing the internet is vital, and not doing so might cause you to leak lots of your personal information and lose your money. Since not every internet user can put up paid security walls, your browser does it for you.
Whenever you access a website, your browser automatically checks the other party’s authenticity and SSL certificate. This is to ensure that the connections you make with that website are safe and encrypted.
This process is known as TLS Handshake. Transport layer security ensures that the connection or communication between your computer and the web server is safe.
How the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is, when your browser and the web server decline or fail to support the SSL certificate version or the Cipher suite during TLS Handshake, your browser will indicate this to be the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error does nothing wrong but keeps you safe from reaching unsafe websites and keeps your data safe. Also, this error may tell you that the website you are trying to access is using an unsupported version of the SSL certificate, which might cause data security issues.
However, there is no one reason for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error to occur. So before we learn how to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, we might want to look into its various causes.
- Invalid SSL Certificates
- An outdated browser or operating system
- Web browser’s cache
- QUIC protocol
- Antivirus
Also, this ERR_SSL_VERSION_OR_CIPHER_MISMATCH error only happens to those websites with a padlock icon on their website address bar. This means that these websites use SSL certificates and HTTPS security tools.Â
Also read: How To Install SSL On A Subdomain?
How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
Now that you know the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, its basics, its origin, and what causes it, it’s time to move on to the main talk of this article, how to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
It is suggested that you keep a backup of your data before moving ahead with any further steps, as you know precautions are better than cures. So why take risks? So now, let us get to business.
Check the SSL/TLS Certificate
Before you go ahead with anything else, it is best to start with the basics. You know that the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is primarily caused due to the invalid versions of SSL and TLS, so what not start by checking them first?
Checking the validity of an SSL certificate is a provided tool in a few hosting platforms and might require a little experience in hosting. You may test your SSL certificates with the Qualys SSL Labs to do it most efficiently.
This tool will check for your SSL certificate’s validity and tell you if anything is wrong. At the end of the scan, you will be provided with a report which will give you the details of the entire scan, including the invalidity or outdatedness.
To check your SSL certificate, you can type in the URL of your site and wait for the Qualys SSL Labs tool to do its work.
Once the test for the validity of the SSL certificate has been completed, Qualys will check for three crucial aspects of the web server configuration: protocol support, key exchange support, and cipher support.
The result will be presented as scores. Qualys SSL Labs will also tell about a few other things that could have caused the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, such as mismatched SSL certificate name, outdated TLS version, and enabled RC4 cipher suite.
So now we will look at these three sub-causes of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Mismatched SSL Certificate
A mismatched SSL certificate could be a potential reason for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Qualys SSL Labs tool will check for it and will also notify you.
This error occurs when the domain name in the SSL certificate doesn’t match the URL in the browser. Such as, the domain name associated with a certain SSL certificate might use www, whereas you visit the website using HTTPS.
You may use the redirection of traffic to avoid this situation. This can be done using a Wildcard certificate or associating several domain names with one SSL certificate.
To check the domain name of the website’s SSL certificate, you can use Google Chrome DevTools.
- Right-click on the web browser window and select Inspect.
- Open Security.
- In Security, look for the certificate validation and connection settings also the TLS version. Select View certificate to receive the certificate information.
- As a new window opens, navigate to the Details tab.
- Click on the Subject Alternative Name. The registered domain names will be seen on the lower box.
Old TLS Version
Currently, modern browsers support TLS 1.2 version and do not support the TLS 1.0 and TLS 1.1 versions. The use of an old TLS version could be the reason behind the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. This situation can be resolved by contacting your hosting service provider and getting your TLS version updated.
RC4 Cipher Suite
Many browsers, such as Microsoft Edge, Google Chrome, etc., do not support the RC4 Cipher suite anymore as it might not be safe. Therefore, we suggest you go through the Qualys SSL Labs report, which will also tell you if you are still using the RC4 Cipher suite, and then disable it and look for another Cipher suite.
Configure SSL with Cloudflare
If the configuration of the SSL certificate and Cloudflare hasn’t been done right, this could cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error and the test results indicate the SSL certificate to be invalid.
You could resolve this issue through the Cloudflare dashboard.
- Choose Caching on the top panel in the dashboard.
- Navigate to the Configuration tab.
- Look for the Purge Cache. Click on Purge Everything.
Once the process has been completed, you may try to reaccess the website.
Via Internal Cloudflare for Universal SSL
- Log in to your Cloudflare dashboard.
- Select SSL/TLS.
- Navigate to the Edge Certificates tab.
- Go to the bottom, and look for Disable Universal SSL. Select Disable Universal SSL on the right column.
- Please wait for the process to complete and enable it again by clicking on the Enable Universal SSL button.
- Now purge the cache. Select Caching on the dashboard.
- Navigate to the Configuration tab.
- Look for Purge Cache. Select Purge Everything.
Once the process is complete, revisit the website.
Enable TLS 1.3 Support
You can enable your Google Chrome browser’s TLS support by following these steps:
- Open Google Chrome.
- Type in chrome://flags on the address bar, and click Enter.
- Look for TLS.
- Set the TLS 1.3 support to Enable.
To connect with a website that uses an older version of TLS, you may do this:
- Open Google Chrome.
- Type in chrome://flags on the address bar, and click Enter.
- Look for TLS.
- Find Enforce deprecation of legacy TLS versions.
- Select Disable.
Disable the QUIC Protocol
Quick UDP Internet Connection protocol is a project developed by Google to improve the connection of web applications using the User Datagram Protocol (UDP). QUIC or Quick UDP Internet Connection protocol is great if you are looking for security, but it can also become the cause of ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. So disabling it sometimes might do the job.
Do so on Google Chrome:
- On Google Chrome, type in chrome://flags in the address bar.
- Look for QUIC.
- Look for Experimental QUIC Protocol.
- Select Disable.
Clear Your Web History/Cache
Cache is a great tool when you are looking to make your website run faster. But sometimes, it could trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error due to some faulty image, files, text, etc.
So we must clear our web history and cache to do so on Google Chrome:
- Click on the three dots on the top right corner of Google Chrome, then select Settings.
- Find the Privacy and security section. Select Clear browsing data.
- Check the Cached images and files option. On the drop-down menu, select the time frame for deletion and choose Clear data.
- Restart Chrome to finish the process.
If you still encounter the error, you may clear the SSL slate:
- In the Windows search bar, type Internet Options.
- Choose Internet Options.
- In the Internet Properties dialogue box, open the Content tab.
- Select Clear SSL State, then click OK.
Disable Your Antivirus or Firewall
Antivirus and Firewalls are used to look out for harmful sites and avoid them. But sometimes, due to their error, it shows a particular site to be unsafe. Therefore it is suggested to disable your Antivirus and Firewall for a while.
However, we suggest you create a backup of your data before you do anything with the Antivirus and Firewall. Also, enable both as soon as you are done revisiting the website.
What If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Persists?
If you have tried all the above six methods to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, but it persists, one thing you could do is use a newer or updated device to access it.
Also, the older version of an operating system could be the cause. So try updating your operating system. Here, uninstalling and reinstalling your operating system might do the job.
If nothing works, look for expert help.
Conclusion
In this article, we learn to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. We started by looking at what it is and what could be the causes behind this ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Also, all the above methods are beginner-friendly, and you do not have to be an expert. However, if you cannot perform these methods or fail, an expert’s help would be great. Also, do not forget to prepare a backup of your data before you do anything.