SSL

Sep 22, 2023

Leonardus N.

9min Read

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH

SSL errors, like the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, are common issues faced by internet users. Though it may seem daunting, resolving this error is straightforward. It arises when your web browser detects an issue with the website’s SSL certificate version.

In this article, we’ll discuss six different methods to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, including what to do if the error occurs when opening your website.

What Is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

Website browsers automatically check the SSL of the website every time you try to connect to it. It’s a way to prove that the accessed website is genuine and has implemented the correct protocol to secure your connection.

This process is known as a TLS handshake. TLS (Transport Layer Security) is a protocol that ensures secure communication between a user’s computer and a web server.

Suppose the user’s browser and the web server fail to support a common SSL protocol version or cipher suite during the TLS handshake. In that case, the browser will automatically display the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Error codeERR_SSL_VERSION_OR_CIPHER_MISMATCH
Error typeSSL
Error variationsThe client and server don’t support a common SSL protocol version or cipher suite.
X uses an unsupported protocol. err_ssl_version_or_cipher_mismatch
Error causesInvalid SSL certificate
Old TLS version
Outdated browser or OS
QUIC protocol
Browser cache

What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is the browser’s way of protecting you from accessing unsafe websites.

In addition, a website may use an unsupported version of a protocol that has security flaws, which may be harmful to your device or the information that goes to the website.

There are several issues that make a web server, and a web browser fail to support a common SSL protocol, and thus, triggering the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

  • Invalid SSL certificates – the domain’s SSL certificate may be assigned for a different domain name alias, thus triggering a certificate mismatch error.
  • Old TLS versions – the web server may use an old version of TLS that new web browsers no longer support.
  • Outdated web browsers or operating systems – older operating systems and web browsers may not support the latest version of TLS.
  • QUIC protocol – a Google project that acts as an alternative to common security solutions but may trigger the error.
  • Web browser’s cache – the cached data may not reflect the website’s security update.
  • Antivirus program – a misconfiguration in the antivirus program may trigger a false alarm that results in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

It’s important to note that the error only occurs on websites that use SSL certificates and HTTPS encryption to secure access and information exchange. Websites that use these encryptions have a lock icon in the URL bar.

The padlock icon in the URL bar.

The error may also occur on websites that use Cloudflare CDN (content delivery network) and security add-ons.

How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is easy to fix despite its complicated and intimidating looks for beginners.

Let’s check six ways to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

1. Check the SSL/TLS Certificate

Checking the site’s SSL/TLS certificate is an excellent place to start fixing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If the SSL/TLS certificate is old or invalid, that may trigger an error message.

Use online tools like Qualys SSL Labs to run an SSL certificate check. This tool will grade the SSL connection and detect if there is any mismatch with the server. It can also inform whether your SSL/TLS certificate is old and requires an update.

To use the Qualys SSL Labs tool, simply type in the URL of your site and wait until Qualys SSL Labs generates the server test results.

Qualys SSL Labs SSL server test.

The test will inspect whether the SSL/TLS certificate is valid and trusted. Then, it will check three different aspects of the web server configuration: protocol support, key exchange support, and cipher support.

The Qualys SSL Labs tool will then calculate the results and present its scoring. Here’s an example of a great SSL test result:

The SSL report's summary showing overall rating A.

Using Qualys SSL Labs can also uncover common issues that may trigger ERR_SSL_VERSION_OR_CIPHER_MISMATCH error: SSL certificate name mismatch, old TLS version, and enabled RC4 cipher suite.

SSL Certificate Name Mismatch

Certificate name mismatch is one of the common causes of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, and the SSL Labs tool can diagnose it pretty quickly. Additionally, it’ll provide a notification regarding the mismatch.

SSL Report informing about the certificate name mismatch.

The certificate name mismatch happens when the domain name in the SSL certificate doesn’t match the URL in the browser.

For instance, if the domain name in the certificate in the SSL certificate is www.example.com, and you visit the website using https://example.com or another domain name alias.

To avoid this, redirect traffic from www.example.com to the correct URL, https://www.example.com. Wildcard certificates also prevent this issue by allowing multiple hostnames under one certificate.

Use Google Chrome DevTools if you want to check the domain names on the certificate of the current site:

  1. Right-click anywhere in the web browser window and click Inspect.
  2. Open the Security tab.
Screenshot showing where to find the security tab.
  1. In the Security tab, you’ll see the certificate validation and connection settings, including the TLS version. Click View certificate to see the certificate information.
Screenshot from the security overview showing where to find the View certificate option.
  1. A new window will open. Go to the Details tab.
  2. Find and click Subject Alternative Name. The registered domain names will appear on the lower box.
Screenshot from the certificate details showing where to find the Subject Alternative Name option.

Another possible cause of the certificate name mismatch is if the domain points to an old IP address where the site no longer exists. Simply pointing the domain name from the old IP address to the new one should fix the certificate name mismatch.

Old TLS Version

The SSL Labs test identifies the current version of TLS that your website runs. It should at least run on TLS 1.2, as modern browsers have stopped supporting TLS 1.0 and TLS 1.1. If the site still uses an old TLS version, that can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Screenshot highlighting that overall rating is F due to this server supporting TLS 1.0 and TLS 1.1.

If this is the case, contact your web host to upgrade the site’s TLS version.

RC4 Cipher Suite

The Qualys SSL Labs test also identifies the server’s current cipher suite. If it still uses the RC4 cipher suite, we recommend disabling it and configure the server to use a different cipher suite.

Screenshot highlighting that overall rating is F due to this server accepting RC4 cipher only with older protocols.

This is because Microsoft Edge, Google Chrome, and other browsers have removed the RC4 cipher suite support as it’s no longer considered safe.

That said, you may still find enterprises using the RC4 cipher suite. That’s because updating the server configuration of a more complex environment is a complicated process, requiring more time.

2. Configure SSL with Cloudflare

A misconfiguration on the Cloudflare and SSL settings can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If that’s the case, the test result from SSL Labs will state that the SSL certificate is invalid.

Screenshot showing the overall rating and highlighting that this server's certificate is not trusted,

There are two ways to configure the SSL depending on your SSL types, via the hPanel and Cloudflare dashboard.

Via hPanel for Lifetime SSL

Reconfigure the SSL through hPanel and Cloudflare internal dashboard if you have installed the Lifetime SSL from Hostinger. Follow these steps to do so:

  1. Log in to your hPanel dashboard. Navigate to Websites and select the site whose SSL certificate you want to configure.
  2. On the Dashboard side menu, go to Security → SSL.
The SSL button on hPanel
  1. Click Uninstall to disable the SSL.
Uninstalling an SSL certificate on hPanel's security page
  1. Select the domain name and click Install SSL to re-enable the SSL.
Installing an SSL certificate on hPanel's Security page

Wait until the SSL becomes activated for your domain. After that, purge the website cache via the Cloudflare dashboard.

Once you’ve logged in to the Cloudflare dashboard, follow these steps to purge cache:

  1. Select Caching on the top panel of the dashboard.
Screenshot from the Cloudflare's dashboard showing where to find Caching,
  1. Go to the Configuration tab.
  2. You’ll find the Purge Cache section at the top. Select the Purge Everything button.
Screenshot from the configuration tab showing where to find the Purge Everything button,

Wait a few minutes until the process is completed, and the site should work again.

Via Internal Cloudflare for Universal SSL

If you have Universal SSL from Cloudflare, you have to configure it on the internal Cloudflare dashboard. These are the steps to do it:

  1. Log in to your Cloudflare dashboard.
  2. Select SSL/TLS on the top panel of the dashboard.
Screenshot from the Cloudflare's dashboard showing where to find SSL/TLS,
  1. Go to the Edge Certificates tab.
  2. Scroll down to the bottom, and you’ll find the Disable Universal SSL. Click on the Disable Universal SSL on the right column.
Screenshot from the Edge Certificates tab showing where to find the Disable Universal SSL button,
  1. Wait a few minutes until the process is complete and enable it again by clicking the Enable Universal SSL button.
Screenshot from the Edge Certificates tab showing where to find the Enable Universal SSL button,
  1. Proceed with purging the cache. Select Caching on the top panel of the dashboard.
  2. Go to the Configuration tab.
  3. You’ll find the Purge Cache section at the top. Select the Purge Everything button.

After completing all these steps, wait a few minutes and revisit your website to make sure the issue has been resolved.

3. Enable TLS 1.3 Support

TLS provides a secure connection between your browser and the web server. This layer is the direct successor of the SSL technology.

Most website browsers, such as Google Chrome, already support TLS 1.3. However, if you use an older version of Chrome, follow these steps to enable your browser TLS support:

  1. Open Google Chrome.
  2. Type in chrome://flags in Chrome’s address bar, then hit Enter.
  3. Search for TLS by typing in the search field.
  4. Set the TLS 1.3 support to Enable.

In some cases, the website you want to visit runs on TLS 1.0 or TLS 1.1. Newer browsers will reject the connection and can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.

Newer versions of Google Chrome have a feature to enforce deprecation of older versions of TLS. That said, you can disable that to connect to a website with an older TLS version by following these steps:

  1. Open Google Chrome.
  2. Type in chrome://flags in the address bar, then press Enter.
  3. Search for TLS.
  4. Find Enforce deprecation of legacy TLS versions.
Screenshot from Chrome showing where to find Enforce deprecation of legacy TLS versions.
  1. Click on the drop-down menu and choose Disable.

Another method is by enabling all the versions of TLS on the system. Here are the steps to do that:

  1. Use the Windows search bar and type in Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box will appear. Open the Advanced tab.
  4. You’ll see a box with a checkbox list. Scroll down until you find Use TLS items.
Selecting Use TLS 1.0, Use TLS 1.1, Use TLS 1.2, Use TLS 1.3 (experimental) items,
  1. Check all the TLS versions and click OK.
  2. Restart Chrome so that the new settings take effect.

Warning! We don’t recommend keeping these settings, as this is not a safe web browsing measure. This method only confirms whether the old version of TLS on your website is the main reason for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.

4. Disable the QUIC Protocol

The QUIC (Quick UDP Internet Connection) protocol is an experimental project developed by Google to improve the connection of web applications using the User Datagram Protocol (UDP).

Although QUIC is known as an excellent alternative to other well-known security solutions such as TCP, HTTP/2, and TLS/SSL, this protocol often causes the appearance of warnings, including ERR_SSL_VERSION_OR_CHIPER_MISMATCH.

Disabling this protocol may solve the issue. Here are the steps to disable it in Google Chrome:

  1. Open Google Chrome and type in chrome://flags in the address bar.
  2. Search for QUIC.
  3. Find the Experimental QUIC Protocol.
Screenshot from Chrome showing where to find the Experimental QUIC protocol.
  1. Open the drop-down menu and select Disable.

Important! There are other methods to disable the QUIC protocol, such as using the Application control or Firewall Policy. However, we do not recommend using them as these methods require technical expertise.

5. Clear Your Web History/Cache

The browser’s web history and cache store data from websites that you have visited. The cache data that includes text, images, or files helps the browser load the website faster on the next visit.

However, storing old cache is a bad habit, especially if the sites visited have already updated their system. If you do not delete the cache for a long time, it may cause an SSL error and security risks.

Clearing the browser’s cache and restarting it may be a solution to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

If you’re using Google Chrome, follow these steps to delete cache:

  1. Click the three vertical dots on the top right corner of Google Chrome, then select Settings.
Screenshot from Chrome showing where to find Settings,
  1. Scroll down, and find the Privacy and security section. Click on Clear browsing data.
Screenshot from the privacy and security settings showing where to find the clear browsing data option,
  1. A pop-up window will appear. Check the Cached images and files option. Use the drop-down menu to select the time frame for deletion and click Clear data.
Screenshot showing where to find the cached images and files option,
  1. Restart Chrome to finish the process.

Try visiting the website once you’ve cleared the cache. If the error persists, you may need to clear SSL state in your browser from the operating system’s settings.

  1. In the Windows search bar, type in Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box will appear. Open the Content tab.
Screenshot from the Internet Properties showing where to find the clear SSL state option,
  1. Click on Clear SSL State, then click OK.

6. Disable Your Antivirus or Firewall

Improper configuration of antivirus software or firewall can cause connection security problems. One of them is the ERR_SSL_VERSION_OR_CHIPER_MISMATCH error.

Poor configuration or the software’s own certificates can cause false alarms that may indicate a safe website as a dangerous one.

If you want to check whether it’s causing the error, we recommend that you temporarily disable the antivirus software to avoid serious security problems.

That said, if your antivirus software has an automatic SSL scanning, disabling that feature should get rid of the error message without deactivating the whole antivirus system.

What If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Persists?

These six methods should be enough to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser. However, there may be cases where they don’t resolve the issue.

Older operating systems or web browsers can also cause this error. To confirm if this is the issue, try opening the website on another up-to-date device. If it works, then the error must have something to do with your browser or operating system.

Older web browser versions may not support the latest version of technologies, such as TLS 1.3. It’s also possible that an older version of the operating system is the root cause as modern browsers stop supporting them.

Reinstalling the web browser should fix it. Simply uninstall the web browser from your computer. Then, download and install the latest version on the official website.

However, reinstalling the web browser won’t solve it if you run an old operating system like Windows XP or Windows Vista. Most likely, these operating systems won’t be compatible with the browser’s latest version. In this case, you need to update the operating system to Windows 10.

Important! In case you already have the latest version of the operating system and web browser, but the website is still showing the error, we recommend contacting our support team to get help resolving the issue.

Conclusion

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error happens when the web browser and the web server don’t support a common SSL protocol version.

It may occur on websites that use Cloudflare’s content delivery network and security add-ons. Some of the reasons include an old TLS version, certificate name mismatch, or a misconfiguration on the website’s SSL settings.

Thankfully, there are several methods to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

  • Check your SSL/TLS certificate using Qualys SSL Labs. This will uncover issues such as SSL certificate name mismatch and identify the current version of SSL/TLS. Additionally, check if the domain points to an old IP address.
  • Configure SSL with Cloudflare by installing a new SSL certificate if the previous one is outdated. Disabling, reenabling, and purging SSL cache via the Cloudflare panel may also help resolve the issue.
  • Enable TLS 1.3 support if you’re using an older version of the web browser. Conversely, if you’re using modern browsers and the website only supports TLS 1.0 or TLS 1.1, deprecate the TLS 1.3 enforcement.
  • Disable the QUIC protocol on your web browser.
  • Clear your browser history and cache as there may be an old configuration that interferes with the connection.
  • Clear ssl state.
  • Temporarily disable antivirus software to check if the antivirus configuration triggers the error message. If it has an automatic SSL scanning, turn it off.
  • Update your web browser and operating system to the latest version so that they support TLS 1.3.

Finally, don’t be alarmed if you encounter an unknown error message such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Read the message carefully to find the right solution for the issue. Without a proper fix, there is a big chance that the same error will occur again.

Suggested Reading

How to Fix Your Connection Is Not Private
How to Solve Localhost Refused to Connect Error
How to Fix ERR_NAME_NOT_RESOLVED Error
How to Fix ERR_SSL_PROTOCOL_ERROR

Author
The author

Leonardus N.

Leo is a WordPress fanatic and contributor. He likes keeping up with the latest WordPress news and updates, and sharing his knowledge to help people build successful websites. When he's not working, he contributes to WordPress documentation team and pampers his dogs.

More from Leonardus N.