ERR_SSL_VERSION_OR_CIPHER_MISMATCH is an error that occurs when a website’s SSL certificate is outdated or incompatible with the browser you’re using. This error can be caused by a variety of factors, including outdated browsers, outdated SSL certificates, or incorrect server configurations. Fortunately, there are a few steps you can take to fix this error.
Step 1: Update Your Browser
The first step to fixing ERR_SSL_VERSION_OR_CIPHER_MISMATCH is to make sure you’re using the latest version of your browser. Outdated browsers may not be able to properly connect to websites with newer SSL certificates, so updating your browser is the first step to fixing this error.
Step 2: Check the Website’s SSL Certificate
The next step is to check the website’s SSL certificate. If the certificate is outdated or incompatible with your browser, you may need to contact the website’s administrator to get it updated.
Step 3: Check Your Server Configuration
If the website’s SSL certificate is up to date, the next step is to check your server configuration. Make sure that your server is configured to use the latest version of SSL and that it is compatible with your browser.
Step 4: Contact Your Web Host
If you’re still having trouble, the next step is to contact your web host. They may be able to help you troubleshoot the issue and get your website up and running again.
Conclusion
ERR_SSL_VERSION_OR_CIPHER_MISMATCH is an error that can be caused by a variety of factors, including outdated browsers, outdated SSL certificates, or incorrect server configurations. Fortunately, there are a few steps you can take to fix this error, including updating your browser, checking the website’s SSL certificate, checking your server configuration, and contacting your web host.
When you visit a website running over HTTPS a series of steps are performed between the browser and the web server to ensure the certificate and SSL/TLS connection is valid.
Some of these include the TLS handshake, the certificate being checked against the certificate authority, and decryption of the certificate.
What Is the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
If for some reason the browser doesn’t like what it sees, such as a misconfiguration or unsupported version, your browser might display the following error: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” which prevents you from accessing the site.
Check out a few recommendations on how to fix this error.
What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers.
But that is not always the case. In fact, we just recently encountered a user having this issue on their WordPress site who was migrating to Kinsta from another host. We were, of course, running the latest version of Chrome, so the issue was with their SSL certificate. Chrome is actually protecting you by not letting you load it.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
You might also see a variation of the error, such as:
The client and server don’t support a common SSL protocol version or cipher suite
Check out reasons below on why this happens and what you can do about it.
Check Your SSL Certificate
If you see this error, the first and easiest place to start is to perform an SSL check on the certificate that is installed on the site. We recommend using the free SSL check tool from Qualys SSL Labs. It is very reliable and we use it for all Kinsta clients when verifying certificates. Simply input your domain into the Hostname field and click on “Submit.”
You can also select the option to hide public results if you prefer. It could take a minute or two to scan your site’s SSL/TLS configuration on your web server.
Check SSL certificate
Check for Certificate Name Mismatch
In this particular instance, the customer migrating to Kinsta had a certificate name mismatch which was throwing up the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:
The site does not use SSL, but shares an IP address with some other site that does.
The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
The site uses a content delivery network (CDN) that doesn’t support SSL.
The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
Certificate name mismatch
Another easy way to check the current domain name issue on the certificate is to open up Chrome DevTools on the site. Right-click anywhere on the website and click on “Inspect.” Then click on the security tab and click on “View certificate.” The issued domain will show in the certificate information. If this doesn’t match the current site you’re on, this is a problem.
Check issued domain on SSL certificate
Remember though, there are wildcard certificates and other variations, but for a typical site, it should match exactly. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error actually prevented us from being able to check it in Chrome DevTools. That is where a tool like SSL Labs can come in handy.
Check for Old TLS version
Another possible reason is that the TLS version running on the web server is old. Ideally, it should be running at least TLS 1.2 (better yet, TLS 1.3). If you are a Kinsta customer you never have to worry about this as we always upgrade our servers to the latest and greatest supported versions. Kinsta supports TLS 1.3 on all of our servers and our Kinsta CDN. Cloudflare also enables TLS 1.3 by default.
(Suggested reading: if you’re using legacy TLS versions, you might want to fix ERR_SSL_OBSOLETE_VERSION Notifications in Chrome).
This is something the SSL Labs tool can also help with. Under configuration, it will show you the current version of TLS running on the server with that certificate. If it is old, reach out to your host and ask them to update their TLS version.
TLS 1.3 server support
Check RC4 Cipher Suite
Another reason according to Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is that the RC4 cipher suite was removed in Chrome version 48. This is not very common, but it could happen in say larger enterprise deployments that require RC4. Why? Because everything usually takes longer to upgrade and update in bigger and more complex configurations.
Security researchers, Google, and Microsoft recommend that RC4 be disabled. So you should make sure the server configuration is enabled with a different cipher suite. You can view the current cipher suite in the SSL Labs tool (as seen below).
Cipher suite
Clear the SSL State In Chrome
Another thing to try is clearing the SSL state in Chrome. Just like clearing your browser’s cache this can sometimes help if things get out of sync. To clear the SSL state in Chrome on Windows, follow these steps:
Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
Click Show advanced settings.
Under Network, click Change proxy settings. The Internet Properties dialog box appears.
We’ve taken our knowledge of effective website management at scale, and turned it into an ebook and video course. Click on the link to download The Guide to Managing 60+ WordPress Sites!
Use a New Operating System
Older operating systems fall out of date with newer technologies such as TLS 1.3 and the latest cipher suites as browsers stop supporting them. Specific components in the latest SSL certs will simply stop working. Google Chrome, in fact, pulled the plug on Windows XP back in 2015. We always recommend upgrading to newer operating systems if possible, such as Windows 10 or the latest version of Mac OS X.
Temporary Disable Antivirus
The last thing we recommend trying if you are still seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to ensure you don’t have an antivirus program running. Or try temporarily disabling it. Some antivirus programs create a layer between your browser and the web with their own certificates. This can sometimes cause issues.
Get all your applications, databases and WordPress sites online and under one roof. Our feature-packed, high-performance cloud platform includes:
Easy setup and management in the MyKinsta dashboard
24/7 expert support
The best Google Cloud Platform hardware and network, powered by Kubernetes for maximum scalability
An enterprise-level Cloudflare integration for speed and security
Global audience reach with up to 35 data centers and 275 PoPs worldwide
Get started with a free trial of our Application Hosting or Database Hosting. Explore our plans or talk to sales to find your best fit.
Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.
Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.
