Fix ‘ERR SSL VERSION OR CIPHER MISMATCH’ error message Issue – Guide
When you visit a website that uses HTTPS, your browser and web server go through several processes to verify that the certificate and SSL/TLS connection are legitimate. The TLS handshake is one of them, as is the certificate being verified against the CA and the certificate being decrypted. If your browser does not like what you see for any reason, such as an incorrect configuration or an unsupported version, it may display the error “ERR SSL VERSION OR CIPHER MISMATCH”, preventing you from accessing the site. Here are some suggestions to resolve this issue.
Reasons for ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error usually occurs on older operating systems or browsers. But this is not always the case. In fact, we recently encountered a user with this issue on their WordPress site who was migrating to Kinsta from another host. Obviously we were running the latest version of Chrome so the problem was with the SSL certificate. Chrome is actually protecting you by not letting you load it. ERR_SSL_VERSION_OR_CIPHER_MISMATCH You may also see a variation of the error, such as: Check out the reasons below on why this happens and what you can do about it.
Check your SSL certificate
If you see this error, the first and easiest place to start is to perform an SSL check on the certificate installed on the website. We recommend using Qualys SSL Labs’ free SSL verification tool. It is very reliable and we use it for all Kinsta clients when verifying certificates. Just enter your domain in the Hostname field and click “Submit”. You can also select the option to hide public results if you prefer. It may take a minute or two to verify your site’s SSL/TLS configuration on your web server.
Check for certificate name mismatch
In this particular case, the client migrating to Kinsta had a certificate name mismatch it was generating up the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH. As you can see in the SSL Labs test below, this is very quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things, such as: Certificate name mismatch Another easy way to check the current domain name issue in the certificate is to open up Chrome DevTools on the website. Right-click anywhere on the site and click “Inspect”. Then click on the security tab and click on “View certificate”. The issued domain will be displayed in the certificate information. If this doesn’t match the current site you’re on, that’s a problem. Check the domain issued in the SSL certificate Keep in mind though that there are wildcard certificates and other variations, but for a typical website they should match exactly. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error prevented us from checking it in Chrome DevTools. That’s where a tool like SSL Labs can come in handy.
Check the old version of TLS
Another possible reason is that the TLS version running on the web server is old. Ideally, it should be running at least TLS 1.2 (better still, TLS 1.3). If you’re a Kinsta customer, you never have to worry about that as we always update our servers to the latest and greatest supported versions. Kinsta supports TLS 1.3 on all our servers and our Kinsta CDN. Cloudflare also enables TLS 1.3 by default. (Suggested reading: If you are using legacy versions of TLS, you may want to fix ERR_SSL_OBSOLETE_VERSION notifications in Chrome). This is something the SSL Labs tool can also help with. In the configuration it will show the current version of TLS running on the server with that certificate. If it’s old, contact your host and ask them to update the TLS version. TLS 1.3 server support
Check the RC4 Cipher Suite
Another reason, according to Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH, is that the RC4 cipher suite was removed in Chrome version 48. This is not very common, but can happen in larger enterprise deployments that require RC4. Why? Because everything usually takes longer to update and update on larger and more complex configurations. Security researchers, Google and Microsoft recommend that RC4 be turned off. Therefore, you must make sure that the server configuration is enabled with a different cipher suite. You can view the current cipher suite in the SSL Labs tool (as seen below).
Clear SSL state in Chrome
Another thing to try is clearing the SSL state in Chrome. Just like clearing your browser cache, this can sometimes help if things get out of sync. To clear SSL state in Chrome on Windows, follow these steps:
Use a new operating system
Older operating systems become outdated with newer technologies such as TLS 1.3 and newer cipher suites as browsers stop supporting them. Specific components in the latest SSL certificates simply stop working. Google Chrome actually shut down Windows XP in 2015. We always recommend upgrading to newer operating systems if possible, such as Windows 10 or the latest version of Mac OS X.
Temporarily disable antivirus
The last thing we recommend trying if you are still seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to ensure that you do not have an antivirus program running. Or try temporarily disabling it. Some antivirus programs create a layer between your browser and the web with their own certificates. This can sometimes cause problems. Save time, costs and maximize website performance with: All this and more, in a plan with no long-term contracts, assisted migrations, and a 30-day money-back guarantee. Check out our plans or talk to sales to find the plan that’s right for you.
Final note
I hope you like the guide Fix ‘ERR SSL VERSION OR CIPHER MISMATCH’ error message Issue. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.
