How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

SSL errors are one of the most common problems encountered by internet users. While the error message in a browser might be quite scary for beginners, this problem is actually quite easy to solve. In this article, we will help you to resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message quickly and effectively.

What Is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

Every time you try to connect to a website, your browser will automatically check the SSL certificate of the website. Checking the certificate is a way to prove that the accessed website is genuine and has implemented the right protocol to secure your connection.

When the protocol configured on the website’s server appears to be unsafe, your browser will automatically display an error message, such as  ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

This message is basically the browser’s way to protect you from accessing unsafe websites.

In addition, the website you’re trying to access may also use an old version of a protocol that has some serious security holes which might endanger your device.

Furthermore, it is important to note that ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message only appears when you try to access websites that use SSL and HTTPS encryption to secure the access and information exchange.

The website that uses these encryptions have a lock icon in the URL bar. It is also worth mentioning that this problem is more likely to occur on Google Chrome and Internet Explorer.

Why Does It Appear in Your Browser?

ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message can be caused by various things, ranging from the incompatibility of one or more SSL certificates with the components on your device to the problems with system security settings such as firewalls and antiviruses that are not properly configured.

Another common cause of this error is QUIC (Quick UDP Internet Connections) protocol.

Moreover, other small things such as old cookies and stacked up browser history can also interfere with the security of the connection.

How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

As we have previously mentioned, while the message looks complicated and bit intimidating for a beginner, it is actually quite easy to fix as long as you know the right methods to deal with it.

There are at least five effective methods that you can try to resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error:

1. Check Your SSL/TLS Certificate

Checking your SSL/TLS certificate might be a good place to start fixing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If your TLS/SSL certificate is old or broken, you should not be surprised if a lot of error messages appear every time you surf the internet.

To check your SSL/TLS certificate, you can use SSL Labs. This tool will grade your SSL connection and detect if there is any mismatch in a server. It can also inform whether your SSL/TLS is old and needs an update.

Here is an example of an SSL report from Hostinger using this amazing tool:

2. Enable TLS 1.3 Support

TSL (Transport Layer Security) provides a secure connection between your browser and the web server. This layer is the direct successor of the SSL technology.

If this feature is disabled, it might be the reason why your browser rejects the certificates of some websites.

Luckily, most of the modern browsers, such as Google Chrome, are already equipped with TLS 1.3 by default.

However, if you have an older version of Chrome, you need to follow these steps to enable your browser TLS support:

1. Open Google Chrome
2. Type in chrome://flags in Chrome’s URL bar, then hit enter
3. Now search for TLS
4. Set the TLS 1.3 support to Enable

However, note that this will not be available in the newer version of Google Chrome.

For instance, if you try those steps in Chrome version 80.0.3987.122, you will only find the TLS 1.3 downgrade hardening which functions to “harden” the TLS 1.3 connections and provides downgrade compatibility for the older TLS (set it to default).

3. Disable QUIC Protocol

QUIC (Quick UDP Internet Connections) protocol is an experimental project of Google that can send simple packages using User Datagram Protocol (UDP) without connection.

Although QUIC is known as an excellent alternative to other well-known security solutions such as TCP, HTTP/2, and TLS/SSL, this protocol often causes the appearance of the mixed-content warning, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Therefore, you may need to disable this protocol to solve the SSL/certificate connection problem. Here are the steps to disable it in Google Chrome:

1. Open Chrome, then type in chrome://flags in the URL bar and hit enter.
2. You will land on the experimental feature page, search for QUIC.
3. Set the Experimental QUIC Protocol to Disable.
4. Done!

Keep in mind that there are other methods to disable QUIC protocol, such as using Application control or Firewall Policy. However, we do not recommend you to use it since these methods require a bit of expertise.

4. Clear Your Web History/Cache

Web history and cache will store data on sites that you have visited in the browser. The data can be text, images, or files. Activating the cache allows you to access web pages faster.

However, storing old cache is a bad habit, especially if the sites you have visited has already updated its system. If you do not delete cache for a long time, it might cause an SSL error and long-term security risks.

Therefore, wiping your device’s cache and restarting your browser sometimes is the best solution to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

If it does not solve the error, you might need to clear the SSL State in your browser.

Here are the steps to clear SSL State in the latest version of Google Chrome (ver. 80.0.3987.122):

1. Hover your mouse to the right corner of your Chrome screen, click the 3 vertical dots, then select Settings.
2. Scroll down in the Settings area until you find the Advanced option. Click it.
3. Now click Open Proxy Settings. The Internet Properties dialog box should appear.
4. Choose the Content tab. Ignore the settings in all other tabs.
5. Click Clear SSL State, then hit OK.

5. Disable Your Antivirus or Firewall

Improper configuration of antivirus and/or firewall can also cause connection security problems that result in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Poor configuration can also cause some false alarms that cause a safe website detected as a dangerous site.

Therefore, it is better to leave your firewall settings to default. You can also disable it, but this action may cause critical security problems. Do it at your own risk.

Moreover, if you run antivirus software or any type of security program installed on your computer, the software might have an automatic SSL scanning. Disabling the SSL Scan could help you to get rid of error messages on the website.

The steps to disable an automatic SSL scanning in an antivirus vary. However, if the one you are using has an SSL Scan option, just turn it off.

What If All of Them Didn’t Work?

While we think that the above methods should be enough to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser, sometimes they might not work because of some shenanigans.

If it happens, we strongly advise you to reinstall your web browser. Do not forget to check your browser version, you may need to update it to the newest one.

Moreover, an older operating system such as Windows XP and Vista has a bigger risk of stumbling upon an SSL error. Thus, you have to update your OS in order to prevent the error. If you already have the latest OS, try checking for the latest major update.

Conclusion

If you happen to get the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message while surfing the internet, there are some things you can do:

• Check your SSL/TSL certificate, make sure you use the newest version. Use SSL Labs to check it.
• If you use an older browser, you might need to enable the TLS 1.3 support.
• Make sure that you have disabled the QUIC protocol since it can cause SSL error in some websites.
• Try to clear all of your browser history and cache. There might be an old configuration in the cache that interferes with your connection.
• Try disabling your antivirus and check the firewall configuration, make sure everything is set to default. If your antivirus has an automatic SSL scanning, turn it off.

Finally, the first thing you need to do while getting an unexpected error message in your browser is to calm down and read the error message carefully.

Most people often freak out when stumbling upon an error like this and forcefully close or restart their browser without paying attention to the message. Whereas, without a proper fix, there is a big chance that the error will occur again, sooner or later.