Fixed: The Uploaded File Exceeds the upload_max_filesizeDirective in php.ini
July 4, 2019Coffee Websites and Website Designs That Look Great
November 22, 2019If you’ve just encountered the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error, you’re probably thinking, “What the heck?” Worry not, for help is at hand! Hold on to your hat because we’re going to explain what this bewildering error is, why it appears, and how to fix it.
What Does The Error Mean?
Although most of the process is hidden from the user, whenever you try to access a website that runs HTTPS a series of steps need to be completed. These steps refer to the communication established between your browser and the web server.
The purpose of these steps is to ensure that the SSL/TLS connection is correct. In other words, the steps are required to make sure that your site is safe and that the communication channel is correctly encrypted using SSL/TLS encryption technology.
The most important step is the TLS handshake. The handshake refers to the initiation of the secure connection and the exchange of keys and certificates between the client and server.
If a misconfiguration arises at any stage of the handshake or decryption process, the communication between the browser and the web server can’t be established, and thus you will receive an error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Why Does The "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" Appear?
Before anything else, you need to understand why the ERR_SSL_VERSION_OR_CIPHER_MISMATCH notification appears. The primary cause behind this error is that your browser doesn’t trust the certificate it finds.
The reasons for this are diverse: an outdated browser, an outdated OS, misconfigured SSL/TLSciphers, your firewall or antivirus is blocking the site, and so on and so forth. You will be shown this error on Google Chrome:
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error code appears mainly because there are problems with the SSL/TLSconnection, which cannot be properly established. To recognize whether a website uses SSL/TLS encryption or not, you can simply look at the address bar.
If the link begins with HTTPS, then the browser needs to access the certificate in the information exchange with the web server. Another sign that the site uses this certificate is the small lock symbol placed on the left side of the bar.
A non-HTTPS site will generally not ever give this error unless something is incorrectly configured on the server side.
How Can You Fix It?
Now that you’ve figured out what causes it, it’s time to move on to how to fix it. Most people use Google Chrome because it is allegedly the fastest browser out there. However, the occurrence of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is possible with any browser.
For simplicity’s sake, we will explain the fixes for Chrome only, although the steps are similar for other major browsers like Firefox.
Before applying the tips that you find in this article, you should know that the problem may not be solved from the very beginning. If that’s your case, keep reading and try each of the solutions in turn.
Secondly, you should be aware that some of the fixes listed here are not entirely safe because they involve downgrading to versions that may have weaker security protocols.
With that said, let’s proceed to the potential fixes:
Clear the Windows’ SSL Certificate Cache
Simply clearing the SSL certificate cache on your computer can solve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue. If you don’t know how to do this, follow these steps:
1. Navigate to your computer’s Control Panel
2. Look for “Internet Options”
3. Go to “Content”
4. You should see an option for clearing SSL State
5. Select it and click OK
6. Go to your browser and access the website again
Naturally, this is a solution that only works for computers that run Windows. For Linux or Mac, you may need to find another similar solution based on this idea.
Enable The Other SSL/TLS Versions
You can try to enable all the available SSL or TLS versions in your browser. If the first method didn’t work, try these steps instead:
1. Open Google Chrome
2. Navigate to Settings by clicking the three-dot symbol in the top-right corner of the page
3. Type “proxy” in the Search Bar
4. Look for “Open Proxy Settings”
5. Select “Advanced”
6. Mark all the available SSL/TLS versions under the Security category
7. Press “Apply Changes”
8. Restart your browser and access the website again
Check If There Is Any Name Mismatch in Your Certificates
In rare situations, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH problem is caused by a certificate name mismatch on the server side. This issue can have a myriad of reasons behind it, and you might not be able to fix it yourself if you’re not the website owner.
Instead, you will want to contact the admin of the site and inform them of the error so that they can configure their SSL/TLS settings correctly, thus making the website available again. These are some of the most common reasons, but there may be more:
1. The site doesn’t actually use SSL, but its IP address is shared with the IP address of another website which does use SSL.
2. The site is no longer active at that address, but the domain is linked to the old IP address, causing a mismatch.
3. There is an incompatibility between the site’s CDN (Content Delivery Network) and the SSL certificate.
4. There is a mismatch between the domain name alias and the name included in the SSL certificate.
Check Your Server’s TLS Versions
If your server’s SSL or TLS versions are outdated, there is a high chance that this might cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Luckily, this has a very easy fix.
Run a server test with SSL Labs and look for the versions which are present on your website by accessing the configuration section. If outdated versions are enabled, make sure to disable them and return to your website to see whether it works or not.
Check Your RC4 Cipher Suite
The same goes for the RC4 Cipher Suite. Chrome displays the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error if the RC4 Cipher Suite is present, as it was described as insecure a long time ago and removed from most websites.
Check your site with SSL Labs. If the RC4 Cipher Suite is still checked, disable it right away and give the site a refresh.
There’s a chance that you cannot disable this cipher because no other ciphers are selected. In this case, select other ciphers and deselect the RC4 one afterward.
Clear the SSL State
Clearing SSL state on your browser is similar to clearing cache data. SSL state data might get disorganized and outdated, and it can lead to errors like the ERR_SSL_VERSION_OR_CIPHER_MISMATCH. To clear this data, do the following:
1. Open Google Chrome
2. Access “Settings” and select “Show Advanced Settings”
3. Navigate to “Network” and click “Change Proxy Settings”
4. In the dialog box, go to “Content”
5. Click on “Clear SSL State”
6. Save your changes and restart Google Chrome
A Clean OS Install
If you are running a vastly outdated operating system, TSL 1.3 technology might not be compatible with it, thus resulting in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
The only solution would be to install a clean, updated version of your OS that uses the latest SSL certificate technology.
The latest operating systems in 2019 like Windows 10 or Mac OS X would be the most appropriate OS versions according to today’s tech requirements. Even though it is a radical move, it can definitely solve your issue.
Browser Updates
Just as in the case of an OS, an outdated browser could lead to the same consequences. To make sure that everything is alright, keep your browser updated at all times. The err_ssl_version_or_cipher_mismatchERR_SSL_VERSION_OR_CIPHER_MISMATCH issue often shows up when you use an old version of your browser.
Generally, Google Chrome updates automatically, but if you disabled this function, you will need to do it by hand. The browser will notify you if there’s a pending update you should review. Follow these steps:
1. Open Google Chrome
2. Go to the main menu
3. Click “Update Google Chrome”. If the button is not present, you already have the latest version installed
4. Restart your browser
Disable Your Antivirus Temporarily
Your antivirus might be the reason why you get anERR_SSL_VERSION_OR_CIPHER_MISMATCH error as well. Though not recommended, you can disable your antivirus until you can figure out a permanent solution to this problem. Certain antivirus software can create an additional layer between the browser and the web server, thus blocking communication.
Note that the cause of the error is likely not related to a virus, but to denying access because of that additional layer, also known as a “false positive”. To turn off your antivirus, go to your antivirus program’s settings and disable the traffic control option.
Final Thoughts
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error can be quite tricky to fix if you don’t know the cause. This article listed the most common causes, so it should be a good starting point for solving the issue.
If none of these fixes worked for you, don’t stop there. Look for more information about the causes behind SSL/TLS version mismatches and see what you can do next. Remember, every problem has a solution.