fb-pixel
Logo

Err_ssl_version_or_cipher_mismatch: how to solve

March 17, 2022 / Published in:  from Ivan Messina
No comments

In this guide, err_ssl_version_or_cipher_mismatch: How to solve it, we’ll see what the err_ssl_version_or_cipher_mismatch error is and how to fix it so you can access the site again.

First, let’s see what the error looks like on different browsers and then we’ll see the main causes of this problem. Finally, we’ll see the various ways to solve the error both if it is occurring on your site and while browsing, by analyzing the server-side and client-side problems one by one.

What is the err_ssl_version _or _cipher_mismatch error?

Whenever we access a website using the HTTPS protocol, the browser must contact the server. The exchange of messages between the client (the browser) and the server is called an SSL/TLS handshake.

These communications between the browser and server also include the browser’s verification of the SSL certificate. The SSL certificate check is performed every time we connect to a website and serves to ensure that the connection to that site is secure.

If during the TLS handshake the browser detects an unsupported version of the SSL protocol or problems with configuration and encryption, an error message, err_ssl_version_or_cipher_mismatch may appear.

Since this is an error related to SSL certificate verification, this issue can only occur on sites that use the HTTPS protocol and security certificates. Please note that most sites have adopted the new security protocol by migrating from HTTP to HTTPS.

Variants of the err_ssl_version_or_cipher_mismatch

An error page appears on Chrome with a warning “The site cannot provide a secure connection”. Below you can see what the err_ssl_version_or_cipher_mismatch error looks like on Chrome.

Chrome Err Ssl Version Or Cipher Mismatch

The same error message appears using Microsoft Edge, with a warning “The connection for this site is not secure“.

Edge Err Ssl Version Or Cipher Mismatch

On the other hand, if you visit the same site with Firefox you may encounter a similar error, but with a slightly different warning. A “Secure connection failed” error will appear on Firefox with the error code: ssl_error_no_cypher_overlap.

Firefox Ssl Error No Cypher Overlap

In all cases, it is not possible to continue browsing and you can’t accesss the site.

Err_ssl_version_or_cipher_mismatch: the causes of the error

The error err_ssl_version_or_cipher_mismatch is due in most cases to the use of obsolete or outdated browsers or operating systems.

However there are also other reasons why this error message may appear, here is a list of the most common ones.

  • Invalid SSL certificate: problems with the SSL certificate of the site, for example, a mismatch between the domain on the certificate and the domain of the site, can cause this error.
  • Outdated browsers or operating systems: in this case, the problem occurs because the browser or operating system does not support the latest version of TLS.
  • Problems with the QUIC protocol.
  • TLS version: the error may occur if the TLS version in use on the server is no longer supported by the browser.
  • Problems with cache, antivirus or CDN.

How to fix the err_ssl_version_or_cipher_mismatch error

The err_ssl_version_or_cipher_mismatch error may depend on server-side issues such as outdated TLS versions or certificate issues, or it could be a client-side error that depends on the browser or operating system you are using.

Server-side issues

The err_ssl_version_or_cipher_mismatch error can be caused mainly by these three issues:

  • domain name mismatch in the certificate
  • server using a TLS version that is no longer supported
  • server using an encryption that is no longer supported.

Let’s examine in each case how to understand if the error is caused by one of these problems and what to do to solve it.

Check the SSL certificate, TLS version and encryption

If the err_ssl_version_or_cipher_mismatch error is occurring on your site, the first thing to do is to make sure that the SSL certificate of the site is valid.

As we mentioned earlier talking about the causes of the error, one of the reasons why this warning may appear is because of problems with the SSL certificate.

There are several methods you can follow to check the SSL certificate, one of the easiest ways is to do a check with a free online tool like the SSL Server Test from Qualys SSL Labs.

The tool is very easy to use and allows you to identify problems with your SSL certificate, such as figuring out if it is expired, invalid, or contains errors.

Connect to the tool’s site and enter the domain of the site where the error appears to perform an SSL certificate check, then click Submit.

Ssl Labs Server Test

Let’s see what errors are identified by the tool and can help guide us on the right path to correct the err_ssl_version_or_cipher_mismatch error.

Mismatch error

One of the problems that can occur with the SSL certificate and can generate the err_ssl_version_or_cipher_mismatch error is when there is no match between the domain name in the certificate and the domain.

In this case when we go to analyze the SSL certificate of the site, the SSL Labs tool will warn us about the mismatch through this warning message “Certificate name mismatch“.

Ssl Labs Err Ssl Version Or Cipher Mismatch

Together with the mismatch error on the certificate, the tool also lists the possible causes of such an error. The mismatch may, in fact, depend on these reasons:

  • The analyzed site does not use the SSL protocol but shares the IP address with another site that does.
  • The site no longer exists, for example the domain points to an old IP address on which a different site is now hosted.
  • The site is using a CDN that does not support SSL.
  • The alias used for the domain has not been included in the certificate.

Remember that this last eventuality can occur also for variants with and without www. For example, if the domain name in the certificate is “www.dominio.it” and the visited domain is “dominio.it”.

You can also check which domain names the certificate is valid for by viewing the details directly from your browser.

To do this click on the icon next to the address as shown in this screenshot and then click on Certificate.

Chrome Check Ssl Certificate

Open the Details tab and click on Subject Alternative Name to view the domains covered by the certificate.

Certificate Ssl Subject Alternative Name

Please note that the SSL certificates with wildcards like *.example.it are valid for all subdomains like: www.example.it, blog.example.it or mail.example.it.

Outdated TLS version

The SSL Labs certificate verification tool also allows us to check what version of TLS is on the server hosting the site.

Since newer browsers no longer support TLS versions 1.0 and 1.1, if the site is still using one of these older versions it is possible that the browser will display the error err_ssl_version_or_cipher_mismatch or err_ssl_obsolete_version

Chrome Err Ssl Obsolete Version

In this case, by running the SSL Labs test you will see a warning like this.

Ssl Labs Obsolete Tls Version

You can check the details by scrolling down to the Configuration: Protocols section where you will see which TLS versions are supported.

Ssl Labs Supported Tls Version

If the server is using a version of TLS that is no longer supported by new browsers, you should contact your provider and report the problem and request an update.

Active RC4 Encryption

The SSL Labs test tool also allows us to check which encryption suite is being used by the server.

Remember that newer versions of Chrome, Firefox, Edge, and Internet Explorer no longer support the RC4 encryption suite.

Ssl Labs Report Rc4 Encryption

For this very reason, if the server is still using this configuration, it is best to disable it and use a different one.

Problems with the CDN configuration

In some cases, the err_ssl_version_or_cipher_mismatch error may depend on the CDN. If you use Cloudflare’s services it can be useful to disable and re-enable “Universal SSL” from the “SSL/TLS” section.

Cloudflare Ssl Tls Settings
Cloudflare Disable Universal Ssl

Client-side issues

The err_ssl_version_or_cipher_mismatch error may depend on the browser settings.

In particular, the cases we will examine are:

  • obsolete data stored in the cache
  • unsupported TLS versions
  • Active QUIC protocol
  • obsolete operating system or browser.

Empty the SSL cache

Clearing the data stored in the browser cache can be helpful in resolving the err_ssl_version_or_cipher_mismatch error. You can follow our step-by-step guide to see how to clear the cache of major browsers.

If clearing the cache doesn’t solve it, you can also try clearing the SSL cache. On Windows, just open the Control Panel and click on Internet Options.

Fix Err Ssl Version Or Cipher Mismatch Windows 10

Then click on the Contents tab and then on Clear SSL State and Ok.

Err Ssl Version Or Cipher Mismatch Clear Sll State On Windows

All you have to do is restart the browser to check if the error has been fixed.

This system can also help you resolve other SSL certificate-related errors, such as ERR_CERT_AUTHORITY_INVALID.

Enable TLS in your browser

If your browser is up-to-date, TLS 1.3 support should already be enabled. Otherwise, you can enable it manually as well. Let’s see how to do it on Chrome.

Open the browser and visit chrome://flags/ to access the browser’s experimental options.

Search for “tls” in the search bar at the top and set the option for TLS 1.3 to Enabled as you see in this screenshot.

Fix Err Ssl Version Or Cipher Mismatch Enable Tls Chrome

You can also enable TLS versions at the system level. On Windows, just open the Control Panel and click on Internet Options.

Fix Err Ssl Version Or Cipher Mismatch Windows 10

Click on the Advanced tab and check the “Use TLS 1.0, 1.1 … 1.3” options and then click on Ok.

Windows Err Ssl Version Or Cipher Mismatch Enable Tls

This option allows you to work around the err_ssl_version_or_cipher_mismatch error, but if the error appears on your site because you are using an outdated version of TLS, you should upgrade to the most secure version of the protocol.

This way, even users using newer versions of browsers will be able to visit your site without running into errors like err_ssl_version_or_cipher_mismatch or err_ssl_obsolete_version.

Disable QUIC protocol

In some cases, the appearance of errors like err_ssl_version_or_cipher_mismatch can be due to the QUIC protocol. Let’s see how to check if it is active on Chrome and how to disable it.

Open Chrome and visit chrome://flags, then search for “QUIC” in the search bar at the top.

The option you need to find is “Experimental QUIC protocol”. To disable it, simply select Disable from the drop-down menu as seen here.

Fix Err Ssl Version Or Cipher Mismatch Disable Quic On Chrome

Disable antivirus (temporarily)

If you were not able to solve the error err_ssl_version_or_cipher_mismatch with the methods we have examined so far, you can try to temporarily disable the antivirus you are using.

In this way, you can figure out whether the error depends on the wrong configuration of the program.

Update your browser or operating system

As we’ve explained at the beginning of this in this guide, err_ssl_version_or_cipher_mismatch: How to solve it, the err_ssl_version_or_cipher_mismatch error can be generated by outdated versions of the browser or operating system.

For example, old browser versions may not support currently popular protocols such as TLS 1.3. If the error persists, try updating the browser or reinstalling it.

Similarly, the problem may be caused by older operating systems such as Windows XP or Windows Vista. These operating systems may not be compatible with the latest versions of the browser and this could be the cause of the error.

In this case, upgrading the operating system may solve the problem.

Conclusions

In this guide, err_ssl_version_or_cipher_mismatch: How to solve it, we have seen what causes the err_ssl_version_or_cipher_mismatch error. The problem may be due to the operating system or the browser you are using, or it may depend on the site’s SSL certificate or server configurations.

Thanks to practical online tools such as those we have seen in this guide, it is easier to identify the causes of the error and to solve it.

In your case, was the error occurring on your site or on a site you were trying to visit? Were you able to figure out what was causing it? Let me know what method you used to solve it in the comments below.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.