Are you facing ERR_SSL_VERSION_OR_CIPHER_MISMATCH error? We are sharing complete solution in this article.
A lot happens behind the scenes when a user securely connects to your web server using SSL/HTTPS. Some of the steps (note: this is not the complete list) are:
- A TLS handshake
- Verification of the SSL certificate with the CA
Failure in any of the involved steps for any reason may result in the users being thrown off with a err_ssl_version_or_cipher_mismatch error.
You or your site visitors have probably faced this situation at some point, or you won’t be looking for a solution here. Before you can fix the problem, you will need to get to the root cause of what led to this unfortunate situation. The first step is to figure out whether this is a server-side issue (such as a problem with the SSL certificate or web server configuration, etc.) or an issue at the user’s side (something to do with the operating system, browser, or device settings, etc.).
Server-side issues leading to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
To see if this is a server-side issue and get to the root cause of the err_ssl_version_or_cipher_mismatch error, you will need to inspect these things:
- Your SSL certificate
- See if there is a mismatch in the certificate name
- Check if an older TLS version is being used
- Verify the RC4 Cipher suite
#1. Check your SSL certificate
The first thing that you should do is check your certificate. You can use the free SSL certificate checker tool to know everything about your SSL certificate.
Just type the URL of your website and click “Check SSL” and you will get the results on the same page. This is a reliable test to see if there are any problems with your SSL certificate.
The other way to check is on a browser. However, note that you may not be able to do so in some cases where your SSL certificate has issues.
#2. See if there is a certificate name mismatch
Your SSL certificate proves that your website is what it claims to be. It is critical that the name on the certificate and your domain name must match. Also, the SSL certificate must be issued by a trusted CA (Certificate Authority). You can read this article to solve it.
#3. Check if an older or unsupported TLS version is being used
Ideally, all the hosting providers should be using TLS version 1.2 or higher. You should also ensure backward compatibility since some people may be using outdated operating systems and web browsers that still use an older version of TLS (Transport Layer Security) protocol.
TLS version 1.3 was published in August 2018 and provides better security along with faster speeds. In case your hosting provider does not support TLS 1.2 at least, it may be time to look for a different provider.
#4. Verify the RC4 cipher suite
Being an older tool, RC4 cipher was very simple to hack and had lots of security vulnerabilities.
Some organizations are still running legacy applications and have to keep RC4 cipher around, though most modern browsers do not have support for it. If your website is configured for RC4, you will face the err_ssl_version_or_cipher_mismatch error on the latest browsers. It is best to move your website from RC4. However, if you cannot do so for some reason, at least disable RC4, and add the TLS1.3 protocol to get rid of the problem.
Client-side issues leading to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
If you are on an older version of the OS (operating system) or web browser, your client setup may not support the latest TLS protocols. In such cases, you will have to deal with the ‘err_ssl_version_or_cipher_mismatch’ error.
Apart from upgrading your OS/browser, here are a few other things to try in such cases:
- Delete the cache and cookies from your browser
- Clear the SSL state of your machine
- Enable TLS 1.3
- Disable your antivirus temporarily
#1. Delete the cache and cookies from your browser
Clearing the cache and cookies on your web browser fixes a lot of local SSL certificate issues. The steps to do so may be different based on the operating system and browser you are using.
Most browsers have the CTRL+SHIFT+DELETE hotkey combination to achieve this. Be careful when you do so, you may end up losing your browsing history and saved logins if you don’t uncheck these options when clearing your browser data.
#2. Clear the SSL state of your machine
The easiest way is to clear the SSL state of your computer on a Windows 10 installation it to search for “Internet Options’ on the Start menu, navigate to the “Content” tab of the dialog that opens up and click on “Clear SSL state”.
Once done, you will see a pop-up message saying, “The SSL cache was successfully cleared”.
#3. Enable TLS 1.3 on your browser
Another solution for ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to enable TLS1.3 on your web browser. Every browser has a different way of doing so.
For Google Chrome, type chrome://flags in the address bar and search for TLS 1.3 and enable the option.
For Firefox browser, type about:config in the address bar and search for TLS
Look for ‘security.tls.version.max’ and set the value to 4.
#4. Disable your antivirus temporarily
If you’ve tried everything and are still getting the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, the last thing to try is disabling your antivirus software temporarily. Some antivirus programs insert themselves in the middle of the internet and your web browser. This layer works with its own set of certificates that sometime leads to the problem.
Note that this is only for testing; be sure to enable your antivirus program once you are done. If this did solve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, you may want to switch to antivirus software that can work well with SSL.
In the technology world, you either have to adapt to the changes or die in oblivion. Security protocols, software, and systems keep evolving, and backward compatibility can only take you so far. Keep your software, including your operating system and browser updated. Also, makes sure your SSL certificate has no issues, your hosting provider supports the latest protocols, and your website is configured correctly. These tips should help you get rid of the err_ssl_version_or_cipher_mismatch error.