How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH In 2023

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH In 2023

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in 2022 - SSL issues, such as the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, are common problems encountered by internet users.

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in 2022 – SSL issues, such as the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, are common problems encountered by internet users.

Also read: 8 Easy Ways To Fix 403 Forbidden Error

Although seeing this unfamiliar error message on the web browser can be intimidating, it is a simple fix. It occurs when your web browser detects an issue with the SSL certificate version of the website.

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in 2022

In this post, we’ll go over six alternative ways on how to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, as well as what to do if the error happens when you open your website.

What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

When you try to connect to a website, your browser will immediately check its SSL certificate. It’s a means to verify that the website you’re visiting is legitimate and has used the proper protocol to safeguard your connection.

Also read: 11 Ways to Fix the DNS Server Not Responding Error

This is referred to as a TLS handshake. TLS (Transport Layer Security) is a technology that allows a user’s computer to communicate securely with a web server.

Assume that during the TLS handshake, the user’s browser and the web server do not support the same SSL protocol version or cipher suite. If this occurs, the browser will display the error message of Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

What is the source of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is your browser’s way of preventing you from visiting malicious websites.

Furthermore, a website may employ an unsupported version of a protocol that contains security weaknesses and may be damaging to your device or the information sent to the website.

There are various reasons why a web server and a web browser fail to implement a common SSL protocol, resulting in the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

  • Invalid SSL certificates – the domain’s SSL certificate may be assigned for a different domain name alias, thus triggering a certificate mismatch error.
  • Old TLS versions – the web server may use an old version of TLS that new web browsers no longer support.
  • Outdated web browsers or operating systems – older operating systems and web browsers may not support the latest version of TLS.
  • QUIC protocol – a Google project that acts as an alternative to common security solutions but may trigger the error.
  • Web browser’s cache – the cached data may not reflect the website’s security update.
  • Antivirus program – a misconfiguration in the antivirus program may trigger a false alarm that results in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

It should be noted that the problem occurs only on websites that employ SSL certificates and HTTPS encryption to safeguard access and information transmission. These encryptions are indicated by a lock icon in the URL bar on websites that utilize them.

Also read: How To Flush DNS Command In 2023

Websites that employ Cloudflare CDN (content delivery network) and security add-ons may also see the problem.

How to Fix SSL Error

Despite its sophisticated and daunting appearance to newbies, the message of Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue is simple to resolve.

Let’s look at six solutions to the message ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

1. Check the SSL/TLS Certificate

Checking the site’s SSL/TLS certificate is a good place to start when troubleshooting the ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem. If the SSL/TLS certificate is obsolete or invalid, an error message may be displayed.

To perform an SSL certificate verification, use internet tools such as Qualys SSL Labs. This program will evaluate the SSL connection and discover any mismatches with the server. It can also tell you if your SSL/TLS certificate is out of date and needs to be updated.

To utilize the Qualys SSL Labs tool, simply enter your website’s URL and wait for Qualys SSL Labs to generate server test results.

The test will determine whether or not the SSL/TLS certificate is valid and trustworthy. It will next examine three parts of the web server configuration: protocol support, key exchange support, and cipher support.

After that, the Qualys SSL Labs tool will compute the results and display its scoring. This is one way on how to fix SSL error.

Using Qualys SSL Labs can also reveal frequent problems that cause ERR_SSL_VERSION_OR_CIPHER_MISMATCH error: SSL certificate name mismatch, outdated TLS version, and RC4 cipher suite enabled.

SSL Certificate Name Mismatch

Certificate name mismatch is a typical source of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem, and the SSL Labs tool can easily diagnose it. It will also send you a notification about the mismatch.

When the domain name in the SSL certificate does not match the URL in the browser, the certificate name mismatch occurs.

Also read: 9 Ways On How To Fix DNS_PROBE_FINISHED_NXDOMAIN Error

For example, if the domain name in the SSL certificate is www.example.com and you access the website via https://example.com or another domain name alias.

To avoid this, redirect www.example.com traffic to the right URL, https://www.example.com. This problem is also avoided by using wildcard certificates, which allow numerous hostnames to be covered by a single certificate.

If you wish to check the domain names on the current site’s certificate, use Google Chrome DevTools:

  1. Right-click anywhere in the web browser window and click Inspect.
  2. Open the Security tab.
  3. In the Security tab, you’ll see the certificate validation and connection settings, including the TLS version. Click View certificate to see the certificate information.
  4. A new window will open. Go to the Details tab.
  5. Find and click Subject Alternative Name. The registered domain names will appear on the lower box.

Another reason for the certificate name mismatch could be because the domain points to an obsolete IP address that no longer exists. The certificate name discrepancy should be resolved by simply pointing the domain name from the old IP address to the new one.

OLD TLS Version

The SSL Labs test determines which version of TLS is currently in use on your website. It should at the very least use TLS 1.2, as contemporary browsers no longer support TLS 1.0 and TLS 1.1. If the site still employs an old TLS version, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error may occur.

Also read: 27 Best Chrome Extension For Web Developers In 2023

If this is the case, contact your web host and request that the site’s TLS version be upgraded. This is one way on how to fix SSL error.

RC4 Cipher Suite

The Qualys SSL Labs test also determines the current cipher suite of the server. If it is still using the RC4 cipher suite, disable it and configure the server to use an alternative cipher suite.

This is because RC4 cipher suite support has been withdrawn from Microsoft Edge, Google Chrome, and other browsers since it is no longer considered safe.

Nonetheless, the RC4 cipher suite is still used by some businesses. This is because upgrading the server configuration of a more sophisticated environment is a more difficult and time-consuming procedure.

2. Configure SSL with Cloudflare

The Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue can be caused by a misconfiguration of the Cloudflare and SSL settings. If this is the case, the SSL Labs test result will indicate that the SSL certificate is invalid.

Depending on your SSL type, you can configure the SSL via the hPanel or the Cloudflare dashboard. This is one way on how to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Via hPanel for Lifetime SSL

If you installed the Lifetime SSL from Hostinger, you must reconfigure the SSL via hPanel and the Cloudflare internal dashboard. To do so, follow these steps:

  1. Log in to your hPanel dashboard.
  2. Find the Advanced section and click on SSL.
  3. Click Uninstall to disable the SSL.
  4. Select the domain name and click Install SSL to re-enable the SSL.

Wait for your domain’s SSL to be activated. Then, using the Cloudflare dashboard, clear the website cache.

If you have Cloudflare Universal SSL, you must setup it on the Cloudflare internal dashboard. Here are the actions to take:

  1. Select Caching on the top panel of the dashboard.
  2. Go to the Configuration tab.
  3. You’ll find the Purge Cache section at the top. Select the Purge Everything button.

Wait a few minutes until the process is completed, and the site should work again.

Via Internal Cloudflare for Universal SSL

If you have Universal SSL from Cloudflare, you have to configure it on the internal Cloudflare dashboard. These are the steps to do it:

  1. Log in to your Cloudflare dashboard.
  2. Select SSL/TLS on the top panel of the dashboard.
  3. Go to the Edge Certificates tab.
  4. Scroll down to the bottom, and you’ll find the Disable Universal SSL. Click on the Disable Universal SSL on the right column.
  5. Wait a few minutes until the process is complete and enable it again by clicking the Enable Universal SSL button.
  6. Proceed with purging the cache. Select Caching on the top panel of the dashboard.
  7. Go to the Configuration tab.
  8. You’ll find the Purge Cache section at the top. Select the Purge Everything button.

After completing all these steps, wait a few minutes and revisit your website to make sure the issue has been resolved.

3. Enable TLS 1.3 Support

TLS establishes a secure link between your browser and the web server. This layer is the direct descendant of SSL technology. This is one way on how to fix SSL error.

TLS 1.3 is already supported by the majority of website browsers, including Google Chrome. However, if you are using an older version of Chrome, you must perform the following steps to enable TLS support in your browser:

  1. Open Google Chrome.
  2. Type in chrome://flags in Chrome’s address bar, then hit Enter.
  3. Search for TLS by typing in the search field.
  4. Set the TLS 1.3 support to Enable.

The website you intend to access may use TLS 1.0 or TLS 1.1 in some instances. Newer browsers will refuse the connection and display the error message of Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Google Chrome’s newer versions include a feature that enforces the deprecation of earlier TLS versions. However, you can prevent this while connecting to a website that uses an older TLS version by following these steps:

  1. Open Google Chrome.
  2. Type in chrome://flags in the address bar, then press Enter.
  3. Search for TLS.
  4. Find Enforce deprecation of legacy TLS versions.
  5. Click on the drop-down menu and choose Disable.

Another way is to enable all TLS versions on the system. The following are the measures to take:

  1. Use the Windows search bar and type in Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box will appear. Open the Advanced tab.
  4. You’ll see a box with a checkbox list. Scroll down until you find Use TLS items.
  5. Check all the TLS versions and click OK.
  6. Restart Chrome so that the new settings take effect.

4. Disable the QUIC Protocol

The QUIC (Quick UDP Internet Connectivity) protocol was created by Google as an experimental effort to improve the connection of web applications utilizing the User Datagram Protocol (UDP). This is one way on how to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Although QUIC is regarded as an excellent alternative to other well-known security methods such as TCP, HTTP/2, and TLS/SSL, it frequently generates warnings such as Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Disabling this protocol may help to resolve the problem. To disable it on Google Chrome, follow these steps:

  1. Open Google Chrome and type in chrome://flags in the address bar.
  2. Search for QUIC.
  3. Find the Experimental QUIC Protocol.
  4. Open the drop-down menu and select Disable.

5. Clear Your Web History/Cache

The browser’s web history and cache save information from websites you’ve visited. Cache data, which may comprise text, images, or files, assists the browser in loading the page faster on the next visit. This is one way on how to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Keeping old cache, on the other hand, is a dangerous practice, especially if the sites visited have previously modified their system. If you do not erase the cache for an extended period of time, it may result in an SSL issue and security risks.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH can be resolved by clearing the browser’s cache and restarting it.

To clear cache in Google Chrome, follow these steps:

  1. Click the three vertical dots on the top right corner of Google Chrome, then select Settings.
  2. Scroll down, and find the Privacy and security section. Click on Clear browsing data.
  3. A pop-up window will appear. Check the Cached images and files option. Use the drop-down menu to select the time frame for deletion and click Clear data.
  4. Restart Chrome to finish the process.

After you’ve deleted the cache, try accessing the website again. If the error persists, you may need to clear your browser’s SSL status from the operating system’s settings.

  1. In the Windows search bar, type in Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box will appear. Open the Content tab.
  4. Click on Clear SSL State, then click OK.

6. Disable Your Antivirus or Firewall

An incorrectly configured antivirus program or firewall can lead to connection security issues. The Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is one of them.

Incorrect setting or the software’s own certifications can result in false warnings, mistaking a safe website for a harmful one. This is one way on how to fix SSL error.

To avoid significant security issues, we recommend temporarily disabling the antivirus program if you wish to test whether it’s generating the error.

However, if your antivirus program has an automatic SSL scanning feature, removing it should remove the warning notice without deactivating the entire antivirus system.

What If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Persists?

These six approaches should be sufficient to resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in your browser. However, there may be instances where they fail to resolve the problem.

This issue can also be caused by older operating systems or web browsers. To see if this is the case, open the webpage on another modern device. If it works, the error must be related to your browser or operating system.

Older web browser versions may not support the most recent technology versions, such as TLS 1.3. It’s also likely that an earlier version of the operating system is the source of the problem, as newer browsers no longer support them.

Reinstalling the web browser should resolve the issue. Simply remove your web browser from your machine. Then, on the official website, download and install the most recent version.

However, reinstalling the web browser will not cure the problem if you are using an old operating system such as Windows XP or Windows Vista. These operating systems are unlikely to be compatible with the most recent version of the browser. You must update the operating system to Windows 10 in this situation.

Conclusion

When the web browser and the web server do not support the same SSL protocol version, the Chrome ERR_SSL_VERSION_OR_CIPHER_MISMATCH error occurs.

It is possible that it will occur on websites that employ Cloudflare’s content delivery network and security add-ons. Some of the possible causes include an outdated TLS version, a mismatched certificate name, or a misconfiguration of the website’s SSL settings.

Fortunately, there are numerous ways on how to fix SSL error:

  • Check your SSL/TLS certificate using Qualys SSL Labs. This will uncover issues such as SSL certificate name mismatch and identify the current version of SSL/TLS. Additionally, check if the domain points to an old IP address.
  • Configure SSL with Cloudflare by installing a new SSL certificate if the previous one is outdated. Disabling, reenabling, and purging SSL cache via the Cloudflare panel may also help resolve the issue.
  • Enable TLS 1.3 support if you’re using an older version of the web browser. Conversely, if you’re using modern browsers and the website only supports TLS 1.0 or TLS 1.1, deprecate the TLS 1.3 enforcement.
  • Disable the QUIC protocol on your web browser.
  • Clear your browser history and cache as there may be an old configuration that interferes with the connection.
  • Clear ssl state.
  • Temporarily disable antivirus software to check if the antivirus configuration triggers the error message. If it has an automatic SSL scanning, turn it off.
  • Update your web browser and operating system to the latest version so that they support TLS 1.3.

Finally, don’t be alarmed if you encounter an unknown error message such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. To find the best answer to the problem, attentively read the message. The same mistake is likely to reoccur until an appropriate repair is applied.

ExplainWP
The WordPress Learning Hub

Related Posts