Err_ssl_version_or_cipher_mismatch: how to solve

March 17, 2022 / Published in: Troubleshooting from Ivan Messina

In this guide, err_ssl_version_or_cipher_mismatch: How to solve it, we’ll see what the err_ssl_version_or_cipher_mismatch error is and how to fix it so you can access the site again.

First, let's see what the error looks like on different browsers and then we'll see the main causes of this problem. Finally, we'll see the various ways to solve the error both if it is occurring on your site and while browsing, by analyzing the server-side and client-side problems one by one.

Table of Contents

What is the err_ssl_version _or _cipher_mismatch error?

Whenever we access a website using the HTTPS protocol, the browser must contact the server. The exchange of messages between the client (the browser) and the server is called an SSL/TLS handshake.

These communications between the browser and server also include the browser's verification of the SSL certificate. The SSL certificate check is performed every time we connect to a website and serves to ensure that the connection to that site is secure.

If during the TLS handshake the browser detects an unsupported version of the SSL protocol or problems with configuration and encryption, an error message, err_ssl_version_or_cipher_mismatch may appear.

Since this is an error related to SSL certificate verification, this issue can only occur on sites that use the HTTPS protocol and security certificates. Please note that most sites have adopted the new security protocol by migrating from HTTP to HTTPS.

Variants of the err_ssl_version_or_cipher_mismatch

An error page appears on Chrome with a warning "The site cannot provide a secure connection". Below you can see what the err_ssl_version_or_cipher_mismatch error looks like on Chrome.

Chrome Err Ssl Version Or Cipher Mismatch

The same error message appears using Microsoft Edge, with a warning "The connection for this site is not secure".

On the other hand, if you visit the same site with Firefox you may encounter a similar error, but with a slightly different warning. A "Secure connection failed" error will appear on Firefox with the error code: ssl_error_no_cypher_overlap.

In all cases, it is not possible to continue browsing and you can't accesss the site.

Err_ssl_version_or_cipher_mismatch: the causes of the error

The error err_ssl_version_or_cipher_mismatch is due in most cases to the use of obsolete or outdated browsers or operating systems.

However there are also other reasons why this error message may appear, here is a list of the most common ones.

Invalid SSL certificate: problems with the SSL certificate of the site, for example, a mismatch between the domain on the certificate and the domain of the site, can cause this error.
Outdated browsers or operating systems: in this case, the problem occurs because the browser or operating system does not support the latest version of TLS.
Problems with the QUIC protocol.
TLS version: the error may occur if the TLS version in use on the server is no longer supported by the browser.
Problems with cache, antivirus or CDN.

How to fix the err_ssl_version_or_cipher_mismatch error

The err_ssl_version_or_cipher_mismatch error may depend on server-side issues such as outdated TLS versions or certificate issues, or it could be a client-side error that depends on the browser or operating system you are using.

Server-side issues

The err_ssl_version_or_cipher_mismatch error can be caused mainly by these three issues:

domain name mismatch in the certificate
server using a TLS version that is no longer supported
server using an encryption that is no longer supported.

Let's examine in each case how to understand if the error is caused by one of these problems and what to do to solve it.

Check the SSL certificate, TLS version and encryption

If the err_ssl_version_or_cipher_mismatch error is occurring on your site, the first thing to do is to make sure that the SSL certificate of the site is valid.

As we mentioned earlier talking about the causes of the error, one of the reasons why this warning may appear is because of problems with the SSL certificate.

There are several methods you can follow to check the SSL certificate, one of the easiest ways is to do a check with a free online tool like the SSL Server Test from Qualys SSL Labs.

The tool is very easy to use and allows you to identify problems with your SSL certificate, such as figuring out if it is expired, invalid, or contains errors.

Connect to the tool's site and enter the domain of the site where the error appears to perform an SSL certificate check, then click Submit.

Let's see what errors are identified by the tool and can help guide us on the right path to correct the err_ssl_version_or_cipher_mismatch error.

Mismatch error

One of the problems that can occur with the SSL certificate and can generate the err_ssl_version_or_cipher_mismatch error is when there is no match between the domain name in the certificate and the domain.

In this case when we go to analyze the SSL certificate of the site, the SSL Labs tool will warn us about the mismatch through this warning message "Certificate name mismatch".

Ssl Labs Err Ssl Version Or Cipher Mismatch

Together with the mismatch error on the certificate, the tool also lists the possible causes of such an error. The mismatch may, in fact, depend on these reasons:

The analyzed site does not use the SSL protocol but shares the IP address with another site that does.
The site no longer exists, for example the domain points to an old IP address on which a different site is now hosted.
The site is using a CDN that does not support SSL.
The alias used for the domain has not been included in the certificate.

Remember that this last eventuality can occur also for variants with and without www. For example, if the domain name in the certificate is "www.dominio.it" and the visited domain is "dominio.it".

You can also check which domain names the certificate is valid for by viewing the details directly from your browser.

To do this click on the icon next to the address as shown in this screenshot and then click on Certificate.

Open the Details tab and click on Subject Alternative Name to view the domains covered by the certificate.

Certificate Ssl Subject Alternative Name

Please note that the SSL certificates with wildcards like *.example.it are valid for all subdomains like: www.example.it, blog.example.it or mail.example.it.

Outdated TLS version

The SSL Labs certificate verification tool also allows us to check what version of TLS is on the server hosting the site.

Since newer browsers no longer support TLS versions 1.0 and 1.1, if the site is still using one of these older versions it is possible that the browser will display the error err_ssl_version_or_cipher_mismatch or err_ssl_obsolete_version

In this case, by running the SSL Labs test you will see a warning like this.

You can check the details by scrolling down to the Configuration: Protocols section where you will see which TLS versions are supported.

If the server is using a version of TLS that is no longer supported by new browsers, you should contact your provider and report the problem and request an update.

Active RC4 Encryption

The SSL Labs test tool also allows us to check which encryption suite is being used by the server.

Remember that newer versions of Chrome, Firefox, Edge, and Internet Explorer no longer support the RC4 encryption suite.

For this very reason, if the server is still using this configuration, it is best to disable it and use a different one.

Problems with the CDN configuration

In some cases, the err_ssl_version_or_cipher_mismatch error may depend on the CDN. If you use Cloudflare's services it can be useful to disable and re-enable "Universal SSL" from the "SSL/TLS" section.

Client-side issues

The err_ssl_version_or_cipher_mismatch error may depend on the browser settings.

In particular, the cases we will examine are:

obsolete data stored in the cache
unsupported TLS versions
Active QUIC protocol
obsolete operating system or browser.

Empty the SSL cache

Clearing the data stored in the browser cache can be helpful in resolving the err_ssl_version_or_cipher_mismatch error. You can follow our step-by-step guide to see how to clear the cache of major browsers.

If clearing the cache doesn't solve it, you can also try clearing the SSL cache. On Windows, just open the Control Panel and click on Internet Options.

Fix Err Ssl Version Or Cipher Mismatch Windows 10

Then click on the Contents tab and then on Clear SSL State and Ok.

Err Ssl Version Or Cipher Mismatch Clear Sll State On Windows

All you have to do is restart the browser to check if the error has been fixed.

This system can also help you resolve other SSL certificate-related errors, such as ERR_CERT_AUTHORITY_INVALID.

Enable TLS in your browser

If your browser is up-to-date, TLS 1.3 support should already be enabled. Otherwise, you can enable it manually as well. Let's see how to do it on Chrome.

Open the browser and visit chrome://flags/ to access the browser's experimental options.

Search for "tls" in the search bar at the top and set the option for TLS 1.3 to Enabled as you see in this screenshot.

Fix Err Ssl Version Or Cipher Mismatch Enable Tls Chrome

You can also enable TLS versions at the system level. On Windows, just open the Control Panel and click on Internet Options.

Click on the Advanced tab and check the "Use TLS 1.0, 1.1 ... 1.3" options and then click on Ok.

Windows Err Ssl Version Or Cipher Mismatch Enable Tls

This option allows you to work around the err_ssl_version_or_cipher_mismatch error, but if the error appears on your site because you are using an outdated version of TLS, you should upgrade to the most secure version of the protocol.

This way, even users using newer versions of browsers will be able to visit your site without running into errors like err_ssl_version_or_cipher_mismatch or err_ssl_obsolete_version.

Disable QUIC protocol

In some cases, the appearance of errors like err_ssl_version_or_cipher_mismatch can be due to the QUIC protocol. Let's see how to check if it is active on Chrome and how to disable it.

Open Chrome and visit chrome://flags, then search for "QUIC" in the search bar at the top.

The option you need to find is "Experimental QUIC protocol". To disable it, simply select Disable from the drop-down menu as seen here.

Fix Err Ssl Version Or Cipher Mismatch Disable Quic On Chrome

Disable antivirus (temporarily)

If you were not able to solve the error err_ssl_version_or_cipher_mismatch with the methods we have examined so far, you can try to temporarily disable the antivirus you are using.

In this way, you can figure out whether the error depends on the wrong configuration of the program.

Update your browser or operating system

As we've explained at the beginning of this in this guide, err_ssl_version_or_cipher_mismatch: How to solve it, the err_ssl_version_or_cipher_mismatch error can be generated by outdated versions of the browser or operating system.

For example, old browser versions may not support currently popular protocols such as TLS 1.3. If the error persists, try updating the browser or reinstalling it.

Similarly, the problem may be caused by older operating systems such as Windows XP or Windows Vista. These operating systems may not be compatible with the latest versions of the browser and this could be the cause of the error.

In this case, upgrading the operating system may solve the problem.

Conclusions

In this guide, err_ssl_version_or_cipher_mismatch: How to solve it, we have seen what causes the err_ssl_version_or_cipher_mismatch error. The problem may be due to the operating system or the browser you are using, or it may depend on the site's SSL certificate or server configurations.

Thanks to practical online tools such as those we have seen in this guide, it is easier to identify the causes of the error and to solve it.

In your case, was the error occurring on your site or on a site you were trying to visit? Were you able to figure out what was causing it? Let me know what method you used to solve it in the comments below.

Ivan Messina

Founder of SupportHost. With over 10 years of experience in web hosting, he works every day to improve the service and pays attention to each and every customer.

Cookie	Duration	Description
_dc_gtm_UA-*	1 minute	Google Tag Manager cookie for controlling the loading of a Google Analytics script tag.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
promocode	Until the coupon code expires, maximum 1 year	This cookie is set when you visit a page via a link that includes a discount code. The name of the discount code is remembered to remind the user that they can get a discount on the service.
RefID	90 days	This cookie stores the ID of the referral that sent the friend so that if the customer places an order within the next 90 days following the referral, the referral receives a gift for it.
user_currency_pref	11 months	This cookie is set to remember the user's currency.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
WHMCSAffiliateID	90 days	This cookie stores the ID of the affiliate that made the referral so that if the customer places an order within the next 90 days following the referral, the affiliate receives a commission for it.
WHMCSInstanceID	session	This cookie stores the unique session ID for each visitor and enables variables to pass between page loads. The cookie only contains a reference to a session on the web server. The user's browser won't store any personal information.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.

Cookie	Duration	Description
cf_chl_*	1 hour	This cookie is used to check whether the Cloudflare Edge server supports cookies.
cf_chl_prog	1 hour	These cookies are used by Cloudflare for the execution of Javascript or Captcha challenges. They are not used for tracking or beyond the scope of the challenge.
cf_chl_rc_ni	1 hour	These cookies are for internal use which allows Cloudflare to identify production issues on clients.
cf_chl_seq_*	session	These cookies are used by Cloudflare for the execution of Javascript or Captcha challenges. They are not used for tracking or beyond the scope of the challenge.
pvc_visits*	1 day	These Cookies are used by Posts View Counter plugin to count visits to specific posts, pages and tutorials.
WHMCSLinkID	364 days	This cookie remembers the link the visitor followed to get to our website, and the system uses it when receiving an order, to be able to associate the conversion with a link to be able to provide stats.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__stripe_mid	1 year	This cookie is used to prevent credit card frauds.
__stripe_sid	1 year	This cookie is used to prevent credit card frauds.
WHMCSUser	364 days	This cookie is used for the remember me functionality of the client area. The system only sets it if a client chose to have the system remember their details, ensuring that they don't need to log in multiple times. It is persistent and lasts for 365 days, or until logout.

Err_ssl_version_or_cipher_mismatch: how to solve

What is the err_ssl_version _or _cipher_mismatch error?

Variants of the err_ssl_version_or_cipher_mismatch

Err_ssl_version_or_cipher_mismatch: the causes of the error

How to fix the err_ssl_version_or_cipher_mismatch error

Server-side issues

Check the SSL certificate, TLS version and encryption

Mismatch error

Outdated TLS version

Active RC4 Encryption

Problems with the CDN configuration

Client-side issues

Empty the SSL cache

Enable TLS in your browser

Disable QUIC protocol

Disable antivirus (temporarily)

Update your browser or operating system

Conclusions

Ivan Messina

Search the blog

Popular articles

Best sellers

Free Trial

Related posts

Clear cache: a guide for the main browsers

Invalid SSL certificate: how to solve

How to change from http to https

Leave a Reply Cancel reply