How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error appears when your browser can’t set a stable connection with the webserver. It all begins with the SSL certificates used for presenting a safe and encrypted connection between a site and an installed web browser.
They are usually used to encrypt necessary information, for instance, personal data, credit card information, and similar. Furthermore, the SLL certificates are becoming a standard protocol for each site nowadays. With that in intention, let’s discuss some more about fixing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Fixes to ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
Check Your SSL Certificate
If you view this issue, the first and simplest place to start is to do an SSL check on the established certificate on the website. We suggest applying the free SSL check tool of Qualys SSL Labs. It is very stable. Just input your domain into the Hostname field box and press on Submit button.
You can also choose the option to disappear public results if you need. It could take a few minutes to scan your website’s SSL/TLS configuration on the webserver you are deployed.
Check for Certificate Name Mismatch
In this particular case, the users had a certificate name mismatch that forced up the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As you can notice from the SSL Labs test, this is much faster and simple to diagnose. As SSL Labs states, a mismatch can be several situations such as:
- The website does not use SSL but shares an IP address with some other website that does.
- The website no longer exists, yet the domain still tends to the former IP address, where a different website is now hosted.
- The website utilizes a CDN (content delivery network) that doesn’t support SSL.
- The domain name alias is for a site whose name is varied, but the handle was not involved in the certificate.
Enable TLS 1.3 Support
Transport Layer Security (TSL) gives a stable and safe connection between your web browser and the webserver. The transport layer is the direct successor of the SSL technology. If this feature is disabled, it might be the cause of why your web browser denies the certificates of a few websites.
Fortunately, most of the latest web browsers, like Google Chrome, are previously equipped with TLS 1.3 by default. Though, if you have an earlier version of Google Chrome, you require to follow these measures to enable your web browser TLS support:
- Start Google Chrome
- Enter in chrome://flags in browser’s URL bar then press enter
- Now explore for TLS
- Place the TLS 1.3 support to Enable state
Though, note that this will not be possible in the latest version of Chrome. For example, suppose you attempt those actions in Chrome version 80.0 or higher. In that case, you will only get the TLS 1.3 downgrade hardening, which runs to harden the TLS 1.3 connections and gives downgrade compatibility for the older TLS (set it to default).
Disable QUIC protocol
If the QUIC Protocol is permitted or enable, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error can happen in the browser. To solve it, you should disable the QUIC protocol. Here are the steps, how you can perform that:
- In URL box enter, chrome://flags
- Explore for Experimental QUIC protocol
- If it is ‘default (or disabled),’ then leave it as it is and terminate the window.
- Otherwise, you have to disable it.
Check RC4 Cipher Suite
Another cause, according to Google’s documentation for this error is that the RC4 cipher suite was eliminated in Chrome version 48. This is not very obvious, but it could result in larger enterprise deployments that need RC4. Why? Because everything regularly needs longer to upgrade and update in more significant and more complicated configurations.
Safety researchers Microsoft and Google suggest that RC4 be disabled. So you have to make sure the server configuration is enabled with some other cipher suite. You can see the present cipher suite in the SSL Labs tool.
Clear the SSL State on your Computer
To remove the SSL state on your PC, navigate to the Internet Properties section. The fastest way in Windows 10 is to search for Internet Options or Internet Properties from the Start menu.
- Go to the Content tab and press on Clear SSL state.
- The pop-up note The SSL cache was successfully cleared arises.
Some earlier versions of Google Chrome enable you to reach Internet Properties and remove the SSL state from the advanced settings option.
Disable Your Antivirus or Firewall
Incorrect configuration of firewall or antivirus can also create connection security issues that occur in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
The wrong configuration can also produce false alarms that make a secure website identified as a dangerous site. Therefore, it is safer to set your firewall settings at default. You can also disable it, but this move may produce critical security issues.
Moreover, if you are using antivirus software or any security application installed on your PC, the application might have an automatic SSL scanning. Disabling the SSL Scan could help you to get rid of failure messages on the site.
Delete the cache and cookies from your browser
Removing the cache and cookies on your Google Chrome resolves a lot of local SSL certificate problems. The moves to do so may be altered based on the OS and browser you are working on.
Most web browsers have the Ctrl+Shift+Delete hotkey shortcut to achieve this. Be mindful when you do so; you may end up dropping your web browsing history and stored logins if you don’t unmark these options when removing your browser data.
Update or Change your Web Browser
The latest web browsers update automatically on restart. If your web browser is not updating automatically, you can manually update it.
To verify the version on most common browsers, go to the Help and about section.
In most circumstances, you can manually update the web browser from the about section. Once the update finishes, try loading the site again.
Most users often freak out when falling upon a fault like this and forcefully restart or close their web browser without paying attention to the message. Whereas, without a decent fix, there is a high chance that the error will happen again, sooner or later.