Sep 08, 2021
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH
SSL errors are common problems encountered by internet users, including the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Seeing this unknown error message in the web browser may be daunting, but it is easy to resolve. It occurs when your web browser identifies a problem with the website’s SSL certificate version.
In this article, we’ll discuss six different methods to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, including what to do if the error occurs when opening your website.
What Is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
Web browsers automatically check the SSL certificate of the website every time you try to connect to it. It’s a way to prove that the accessed website is genuine and has implemented the correct protocol to secure your connection.
This process is known as a TLS handshake. TLS (Transport Layer Security) is a protocol that ensures secure communication between a user’s computer and a web server.
Suppose the user’s browser and the web server fail to support a common SSL protocol version or cipher suite during the TLS handshake. In that case, the browser will automatically display the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is the browser’s way of protecting you from accessing unsafe websites.
In addition, a website may use an unsupported version of a protocol that has security flaws, which may be harmful to your device or the information that goes to the website.
Several issues can prevent a web server and a web browser from supporting a common SSL protocol, thus triggering the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
- Invalid SSL certificates – the domain’s SSL certificate may be assigned for a different domain name alias, thus triggering a certificate mismatch error.
- Old TLS versions – the web server may use an old version of TLS that new web browsers no longer support.
- Outdated web browsers or operating systems – older operating systems and web browsers may not support the latest version of TLS.
- QUIC protocol – a Google project that acts as an alternative to common security solutions but may trigger the error.
- Web browser’s cache – the cached data may not reflect the website’s security update.
- Antivirus program – a misconfiguration in the antivirus program may trigger a false alarm that results in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
It’s important to note that the error only occurs on websites that use SSL certificates and HTTPS encryption to secure access and information exchange. Websites that use these encryptions have a lock icon in the URL bar.
The error may also occur on websites that use Cloudflare CDN (content delivery network) and security add-ons.
How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
Although it may look complicated and intimidating to beginners, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is easy to fix.
Let’s check six ways to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
1. Check the SSL/TLS Certificate
Checking the site’s SSL/TLS certificate is an excellent place to start fixing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If the SSL/TLS certificate is old or invalid, that may trigger an error message.
Use online tools like Qualys SSL Labs to run an SSL certificate check. This tool will grade the SSL connection and detect if there is any mismatch with the server. It can also tell you whether your SSL/TLS certificate is old and requires an update.
To use the Qualys SSL Labs tool, simply type in the URL of your site and wait until Qualys SSL Labs generates the server test results.
The test will inspect whether the SSL/TLS certificate is valid and trusted. Then, it will check three different aspects of the web server configuration: protocol support, key exchange support, and cipher support.
The Qualys SSL Labs tool will then calculate the results and present its scoring.
Using Qualys SSL Labs can also uncover common issues that may trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error: SSL certificate name mismatch, old TLS version, and enabled RC4 cipher suite.
SSL Certificate Name Mismatch
Certificate name mismatch is one of the common causes of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, and the SSL Labs tool can diagnose it pretty quickly. Additionally, it’ll provide a notification regarding the mismatch.
The certificate name mismatch happens when the domain name in the SSL certificate doesn’t match the URL in the browser.
For instance, a mismatch occurs if the domain name in the SSL certificate is www.example.com and you visit the website using https://example.com or another domain name alias.
Use Google Chrome DevTools if you want to check the domain names on the certificate of the current site:
- Right-click anywhere in the web browser window and click Inspect.
- Open the Security tab.
- In the Security tab, you’ll see the certificate validation and connection settings, including the TLS version. Click View certificate to see the certificate information.
- A new window will open. Go to the Details tab.
- Find and click Subject Alternative Name. The registered domain names will appear on the lower box.
Another possible cause of the certificate name mismatch is if the domain points to an old IP address where the site no longer exists. Simply pointing the domain name from the old IP address to the new one should fix the certificate name mismatch.
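The name check described in this section can also be scripted. The following is an added example, not code from the original article: it compares a hostname against the Subject Alternative Name entries of a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The two sample certificates are constructed, and the function names are assumptions made for this illustration.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower().rstrip(".") for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, hostname):
    """Match one SAN entry; '*' may only stand for the whole left-most label."""
    p_labels = pattern.split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans a dot
    if p_labels[0] == "*":
        # Require at least two fixed labels so that "*.com" cannot match.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # partial wildcards such as "w*" are not expanded


def covering_names(cert, hostname):
    """SAN entries that cover hostname; an empty list means a name mismatch."""
    return [n for n in san_dns_names(cert) if name_matches(n, hostname)]


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate. Chain validation stays on; hostname checking
    is off so that a mismatching certificate can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: the www-only certificate from the example above.
WWW_ONLY = {"subjectAltName": (("DNS", "www.example.com"),)}
# Constructed sample: a wildcard certificate for the same domain.
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for host in ("www.example.com", "example.com", "a.b.example.com"):
        print(host, covering_names(WWW_ONLY, host), covering_names(WILDCARD, host))
```

To check a real site, pass the result of `fetch_cert("your-domain")` to `covering_names` together with each alias visitors use.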
Old TLS Version
The SSL Labs test identifies the current version of TLS that your website runs. It should at least run on TLS 1.2, as modern browsers have stopped supporting TLS 1.0 and TLS 1.1. If the site still uses an old TLS version, that can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
If this is the case, contact your web host to upgrade the site’s TLS version.
RC4 Cipher Suite
The Qualys SSL Labs test also identifies the server’s current cipher suite. If it still uses the RC4 cipher suite, we recommend disabling it and configuring the server to use a different cipher suite.
This is because Microsoft Edge, Google Chrome, and other browsers have removed the RC4 cipher suite support as it’s no longer considered safe.
That said, you may still find enterprises using the RC4 cipher suite. That’s because updating the server configuration of a more complex environment is a complicated process, requiring more time.
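To see which half of the error applies to a given server, the protocol versions and cipher suites listed in a scan report can be compared with what a client offers. The following is an added example, not code from the original article, and it covers both the Old TLS Version and RC4 Cipher Suite cases. It uses a simplified negotiation model, the server profiles are constructed, the cipher names follow OpenSSL naming, and the function names are assumptions made for this illustration.

```python
import ssl

ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Assumption taken from the page: current browsers no longer offer TLS 1.0 or 1.1.
MODERN_CLIENT_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def local_client_ciphers():
    """Suites this machine's TLS library offers with default client settings."""
    return {c["name"] for c in ssl.create_default_context().get_ciphers()}


def usable_with(cipher, version):
    """OpenSSL names TLS 1.3 suites 'TLS_...'; they are valid for TLS 1.3 only."""
    return cipher.startswith("TLS_") == (version == "TLSv1.3")


def diagnose(server, client_versions=MODERN_CLIENT_VERSIONS, client_ciphers=None):
    """Return (status, version, cipher) for a server profile.

    Simplified model: try the common versions from newest to oldest and
    accept the first one for which both sides share a usable cipher suite.
    """
    if client_ciphers is None:
        client_ciphers = local_client_ciphers()
    common = sorted(set(server["versions"]) & set(client_versions), key=ORDER.index)
    if not common:
        return ("version_mismatch", None, None)
    shared = set(server["ciphers"]) & set(client_ciphers)
    for version in reversed(common):
        usable = sorted(c for c in shared if usable_with(c, version))
        if usable:
            return ("ok", version, usable[0])
    return ("cipher_mismatch", common[-1], None)


# Constructed server profiles, written as they might be copied from a scan report.
LEGACY_TLS = {"versions": ["TLSv1", "TLSv1.1"], "ciphers": ["AES128-SHA", "AES256-SHA"]}
RC4_ONLY = {"versions": ["TLSv1.2"], "ciphers": ["RC4-SHA", "RC4-MD5"]}
MODERN = {"versions": ["TLSv1.2", "TLSv1.3"],
          "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256"]}

if __name__ == "__main__":
    for name, profile in (("legacy", LEGACY_TLS), ("rc4", RC4_ONLY), ("modern", MODERN)):
        print(name, diagnose(profile))
```

A `version_mismatch` result points to the TLS upgrade described above, while `cipher_mismatch` points to the server's cipher suite configuration.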
2. Configure SSL with Cloudflare
A misconfiguration on the Cloudflare and SSL settings can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If that’s the case, the test result from SSL Labs will state that the SSL certificate is invalid.
There are two ways to configure the SSL depending on your SSL types, via the hPanel and Cloudflare dashboard.
Via hPanel for Lifetime SSL
Reconfigure the SSL through hPanel and Cloudflare internal dashboard if you have installed the Lifetime SSL from Hostinger. Follow these steps to do so:
- Log in to your hPanel dashboard.
- Find the Advanced section and click on SSL.
- Click Uninstall to disable the SSL.
- Select the domain name and click Install SSL to re-enable the SSL.
Wait until the SSL becomes activated for your domain. After that, purge the website cache via the Cloudflare dashboard.
If you purchased Cloudflare from Hostinger, you’ll receive an email with instructions to help you log in to your Cloudflare account.
Once you’ve logged in to the Cloudflare dashboard, follow these steps to purge cache:
- Select Caching on the top panel of the dashboard.
- Go to the Configuration tab.
- You’ll find the Purge Cache section at the top. Select the Purge Everything button.
Wait a few minutes until the process is completed, and the site should work again.
Via Internal Cloudflare for Universal SSL
If you have Universal SSL from Cloudflare, you have to configure it on the internal Cloudflare dashboard. These are the steps to do it:
- Log in to your Cloudflare dashboard.
- Select SSL/TLS on the top panel of the dashboard.
- Go to the Edge Certificates tab.
- Scroll down to the bottom, and you’ll find Disable Universal SSL. Click Disable Universal SSL in the right column.
- Wait a few minutes until the process is complete and enable it again by clicking the Enable Universal SSL button.
- Proceed with purging the cache. Select Caching on the top panel of the dashboard.
- Go to the Configuration tab.
- You’ll find the Purge Cache section at the top. Select the Purge Everything button.
After completing all these steps, wait a few minutes and revisit your website to make sure the issue has been resolved.
3. Enable TLS 1.3 Support
TLS provides a secure connection between your browser and the web server. This layer is the direct successor of the SSL technology.
Most web browsers, such as Google Chrome, already support TLS 1.3. However, if you use an older version of Chrome, follow these steps to enable TLS 1.3 support in your browser:
- Open Google Chrome.
- Type in chrome://flags in Chrome’s address bar, then hit Enter.
- Search for TLS by typing in the search field.
- Set the TLS 1.3 support to Enable.
In some cases, the website you want to visit runs on TLS 1.0 or TLS 1.1. Newer browsers will reject the connection and can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.
Newer versions of Google Chrome have a feature to enforce deprecation of older versions of TLS. That said, you can disable that to connect to a website with an older TLS version by following these steps:
- Open Google Chrome.
- Type in chrome://flags in the address bar, then press Enter.
- Search for TLS.
- Find Enforce deprecation of legacy TLS versions.
- Click on the drop-down menu and choose Disable.
Another method is by enabling all the versions of TLS on the system. Here are the steps to do that:
- Use the Windows search bar and type in Internet Options.
- Select Internet Options.
- The Internet Properties dialog box will appear. Open the Advanced tab.
- You’ll see a box with a checkbox list. Scroll down until you find Use TLS items.
- Check all the TLS versions and click OK.
- Restart Chrome so that the new settings take effect.
We don’t recommend keeping these settings, as this is not a safe web browsing measure. This method only confirms whether the old version of TLS on your website is the main reason for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.
4. Disable the QUIC Protocol
The QUIC (Quick UDP Internet Connection) protocol is an experimental project developed by Google to improve the connection of web applications using the User Datagram Protocol (UDP).
Although QUIC is known as an excellent alternative to other well-known security solutions such as TCP, HTTP/2, and TLS/SSL, this protocol often causes the appearance of warnings, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Disabling this protocol may solve the issue. Here are the steps to disable it in Google Chrome:
- Open Google Chrome and type in chrome://flags in the address bar.
- Search for QUIC.
- Find the Experimental QUIC Protocol.
- Open the drop-down menu and select Disable.
There are other methods to disable the QUIC protocol, such as using the Application control or Firewall Policy. However, we do not recommend using them as these methods require technical expertise.
5. Clear Your Web History/Cache
The browser’s web history and cache store data from websites that you have visited. The cache data that includes text, images, or files helps the browser load the website faster on the next visit.
However, storing old cache is a bad habit, especially if the sites visited have already updated their system. If you do not delete the cache for a long time, it may cause an SSL error and security risks.
Deleting the browser’s cache and restarting it may be a solution to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
If you’re using Google Chrome, follow these steps to delete cache:
- Click the three vertical dots on the top right corner of Google Chrome, then select Settings.
- Scroll down, and find the Privacy and security section. Click on Clear browsing data.
- A pop-up window will appear. Check the Cached images and files option. Use the drop-down menu to select the time frame for deletion and click Clear data.
- Restart Chrome to finish the process.
Try visiting the website once you’ve cleared the cache. If the error persists, you may need to clear the SSL state in your browser from the operating system’s settings.
- In the Windows search bar, type in Internet Options.
- Select Internet Options.
- The Internet Properties dialog box will appear. Open the Content tab.
- Click on Clear SSL State, then click OK.
6. Disable Your Antivirus or Firewall
Improper configuration of antivirus software or a firewall can cause connection security problems. One of them is the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Poor configuration or the software’s own certificates can cause false alarms that may indicate a safe website as a dangerous one.
If you want to check whether it’s causing the error, we recommend disabling the antivirus software only temporarily to avoid serious security problems.
That said, if your antivirus software has an automatic SSL scanning feature, disabling that feature should get rid of the error message without deactivating the whole antivirus system.
What If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Persists?
These six methods should be enough to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser. However, there may be cases where they don’t resolve the issue.
Older operating systems or web browsers can also cause this error. To confirm if this is the issue, try opening the website on another up-to-date device. If it works, then the error must have something to do with your browser or operating system.
Older web browser versions may not support the latest version of technologies, such as TLS 1.3. It’s also possible that an older version of the operating system is the root cause as modern browsers stop supporting them.
Reinstalling the web browser should fix it. Simply uninstall the web browser from your computer. Then, download and install the latest version on the official website.
However, reinstalling the web browser won’t solve it if you run an old operating system like Windows XP or Windows Vista. Most likely, these operating systems won’t be compatible with the browser’s latest version. In this case, you need to update the operating system to Windows 10.
In case you already have the latest version of the operating system and web browser, but the website is still showing the error, we recommend contacting our support team to get help resolving the issue.
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error happens when the web browser and the web server don’t support a common SSL protocol version.
It may occur on websites that use Cloudflare’s content delivery network and security add-ons. Some of the reasons include an old TLS version, certificate name mismatch, or a misconfiguration on the website’s SSL settings.
Thankfully, there are several methods to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
- Check your SSL/TLS certificate using Qualys SSL Labs. This will uncover issues such as SSL certificate name mismatch and identify the current version of SSL/TLS. Additionally, check if the domain points to an old IP address.
- Configure SSL with Cloudflare by installing a new SSL certificate if the previous one is outdated. Disabling, reenabling, and purging SSL cache via the Cloudflare panel may also help resolve the issue.
- Enable TLS 1.3 support if you’re using an older version of the web browser. Conversely, if you’re using a modern browser and the website only supports TLS 1.0 or TLS 1.1, disable the enforced deprecation of legacy TLS versions.
- Disable the QUIC protocol on your web browser.
- Clear your browser history and cache as there may be an old configuration that interferes with the connection.
- Temporarily disable antivirus software to check if the antivirus configuration triggers the error message. If it has an automatic SSL scanning feature, turn it off.
- Update your web browser and operating system to the latest version so that they support TLS 1.3.
Finally, don’t be alarmed if you encounter an unknown error message such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Read the message carefully to find the right solution for the issue. Without a proper fix, there is a big chance that the same error will occur again.