When you access a website using HTTPS, a series of processes are run between the web server and the browser to confirm that the SSL/TLS connection and certificate are legitimate.
A handful of these entails certificate decryption, the TLS handshake, and certificate authority comparison.
What Is the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
If your browser finds anything that it shouldn’t, such as an unsupported version or configuration problem, it can show the error message “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”. As a result, you will not be able to access the website.
View some recommendations for fixing this problem.
What Leads to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
Outdated operating systems or browsers typically cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem.
However, that is only sometimes the case. Indeed, we recently ran with a user who was migrating to Kinsta from another server and was having a similar issue with their WordPress website. Since we were running the latest version of Chrome, their SSL certificate was undoubtedly the cause of the issue. By keeping you from loading it, Chrome is actually protecting you.
You may also see the following variations of the error:
- (error 113, net::err_ssl_version_or_cipher_mismatch) Unknown error
- The client and server do not support the same version of the SSL protocol or cipher suite.
Read also: How to Fix Google Chrome’s “ERR_CACHE_MISS” Error
The error code ERR_SSL_VERSION_OR_CIPHER_MISMATCH How Can It Be Fixed?
Look at your options and the main fixes below.
- Check for Name Mismatches in the SSL Certificate and Verify Your Certificate
- Examine the Old TLS Version and the RC4 Cipher Suite.
- Employ a Fresh Operating System.
- In Chrome, clear the SSL state;
- Turn Off Antivirus Software Temporarily.
Check the SSL certificate that you possess.
If you see this issue, the easiest and quickest action to take is to perform an SSL check on the website’s installed certificate. We recommend using the free SSL checker provided by Qualys SSL Labs. Because it is so dependable, we use it to validate certificates for all of our Kinsta clients. All you have to do is type your domain name into the Hostname field and click “Submit”.
You can also decide to keep the results private from the general public. It may take a minute or two for your web server to scan the SSL/TLS settings for your website.
Check to see if the names on the certificates match up.
A certificate name mismatch was causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue for this customer, who was switching to Kinsta. The test from SSL Labs below shows how easy and quick it is to diagnose this. A mismatch, per SSL Labs, can be caused by a number of factors, such as:
The website is linked to another website by IP address, even if SSL is not used on it.
Even if the website is defunct, the domain still points to the old IP address, which is presently hosting another website.
The website uses a content delivery network (CDN), which is incompatible with SSL.
The certificate does not include the domain name alias, even though it points to a different website.
Inconsistent certificate names
You may also easily confirm the certificate’s current domain name issue with the Chrome DevTools available on the website. Right-click anywhere on the page to choose “Inspect.” After that, choose the security tab and “View certificate.” The issued domain will be visible in the certificate details. If this is different from the webpage you are currently on, there is a problem.
Even though there are many variations and wildcard certificates, they should match precisely for a typical site. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem truly prevented us from using Chrome DevTools to verify it. That’s when the utility SSL Labs comes in handy.
Search for earlier iterations of TLS.
An even more reasonable cause would be an out-of-date TLS version on the web server. It should be using TLS 1.2 or, for enhanced security, TLS 1.3. Kinsta clients never have to be concerned about this because we regularly update our servers to the newest and best-supported versions. Kinsta supports TLS 1.3 across all of its servers, including the Kinsta CDN. Cloudflare also activates TLS 1.3 by default.
Suggested reading: If you are using legacy TLS versions, consider solving ERR_SSL_OBSOLETE_VERSION Notifications in Chrome.
This is another area where the SSL Labs tool can help. You will see under configuration the version of TLS that is currently in use on the server that holds that certificate. If the TLS version on your server is out of date, get in contact with your host and ask them to upgrade.
Check the RC4 Cipher Suite.
Google’s website states that another reason for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is the discontinuation of the RC4 cipher suite in Chrome version 48. This is rare, although it might happen in larger enterprise deployments that require RC4. Why? Because updates and upgrades usually take longer for larger and more complex configurations.
Security experts, Google, and Microsoft all recommend disabling RC4. As a result, you should make sure the server configuration has a separate cipher suite enabled. You can now view the available cipher suite using the SSL Labs tool (see below).
Clear the SSL status of Chrome.
Another thing you may try is clearing the SSL status using Chrome. This occasionally helps when things get out of sync, much like when you clear your browser’s cache. Follow these steps to resolve the SSL status on Windows Chrome:
- Choose Settings after deciding to open the Google Chrome – Settings (Settings) icon.
- Click Show to access the advanced settings.
- Under Network, click Change Proxy Settings. The Internet Properties dialog box appears.
- Click the Content tab.
- Select “Clear SSL state,” then press OK.
- Restart Chrome.
If you’re using a Mac, refer to these instructions for removing an SSL certificate.
We’ve turned our knowledge of effectively administering large-scale websites into an ebook and a video course. Click the given link to download The Guide to Managing 60+ WordPress Sites!
Use an Alternative Operating System
Older operating systems become obsolete as browsers quit supporting newer technologies like TLS 1.3 and the newest encryption suites. Some components of the latest SSL certificates will no longer work. Actually, back in 2015, Google Chrome discontinued supporting Windows XP. We recommend updating to a more recent operating system, such as Windows 10 or Mac OS X 10.5.
Shortly Turn Off Your Antivirus
If you are still experiencing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue, as a last option, make sure no antivirus software is running. Alternatively, turn it off for a bit. Certain antivirus programs create a barrier between your web browser and the internet by using their certificates. Problems could occasionally result from this.
