How to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

1 Answer


SSL errors are common problems encountered by Internet users, including the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Seeing this unknown error message in your web browser can be discouraging, but it is easy to resolve. It occurs when the web browser identifies a problem with the website's SSL certificate version.

In this article, we are going to look at six different methods to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, including what to do if the error occurs when opening your website.

What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

Web browsers automatically check the website's SSL certificate every time you try to connect to it. It is a way to prove that the website you are accessing is authentic and has implemented the correct protocol to protect your connection.

This process is known as a TLS handshake. TLS (Transport Layer Security) is a protocol that ensures secure communication between a user's computer and a web server.

If the user's browser and the web server do not support a common version of the SSL protocol or a common cipher suite during the TLS handshake, the browser will automatically display the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Error type: SSL

Error variations:

  • The client and server do not support a common SSL protocol version or cipher suite.
  • X uses an unsupported protocol.
  • err_ssl_version_or_cipher_mismatch

Causes of the error:

  • Invalid SSL certificate
  • Old version of TLS
  • Outdated browser or operating system
  • QUIC protocol
  • Browser cache

What is the cause of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is the browser's way of protecting you from accessing unsafe websites. 

Additionally, a website may use an unsupported version of a protocol that has security flaws, which may be harmful to your device or the information sent to the website.

There are several issues that cause a web server and a web browser to not support a common SSL protocol and therefore cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message:

  • Invalid SSL certificates – The domain's SSL certificate may be assigned to a different domain name alias, causing a certificate mismatch error.
  • Old versions of TLS – The web server may be using an old version of TLS that newer web browsers no longer support.
  • Outdated web browsers or operating systems – Older operating systems and web browsers may not support the latest version of TLS.
  • QUIC protocol – A Google project that acts as an alternative to common security solutions, but may cause the error.
  • Web browser cache – The cached data may not reflect the security update of the web page.
  • Antivirus program – Incorrect configuration of the antivirus program can trigger a false alarm resulting in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

It is important to note that the error only occurs on websites that use SSL certificates and HTTPS encryption to protect access and exchange of information. Websites that use these ciphers have a lock icon in the URL bar.

The error can also occur on websites that use Cloudflare CDN (content delivery network) and security plugins.

How to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is easy to fix despite its complicated and intimidating appearance for beginners.

Let's look at six ways to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

1. Verify the SSL/TLS certificate

Checking the site's SSL/TLS certificate is a great starting point for troubleshooting the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If the SSL/TLS certificate is old or invalid, an error message may appear.

Use online tools like Qualys SSL Labs to run an SSL certificate check. This tool will qualify the SSL connection and detect if there are any mismatches with the server. It can also report if your SSL/TLS certificate is old and requires an update.

To use the Qualys SSL Labs tool, simply type your site's URL and wait until Qualys SSL Labs generates the server test results.

The test will inspect if the SSL/TLS certificate is valid and trusted. Next, it checks three different aspects of your web server configuration: protocol support, key exchange support, and encryption support.

The Qualys SSL Labs tool will then calculate the results and present your score. Here is an example of a great SSL test result:

Qualys SSL Labs Tool SSL Report

Using Qualys SSL Labs can also uncover common issues that can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error: an SSL certificate name mismatch, an old TLS version, and an enabled RC4 cipher suite.

SSL certificate name mismatch

Certificate name mismatch is one of the common causes of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error and the SSL Labs tool can diagnose it fairly quickly. Additionally, it will provide a notification about the mismatch.

Certificate name mismatch occurs when the domain name of the SSL certificate does not match the browser URL.

For example, this happens if the domain name on the SSL certificate is www.example.com and you visit the website using https://example.com or another domain alias.

To prevent this, redirect traffic from www.example.com to the correct URL, https://www.example.com. Wildcard certificates also avoid this problem by allowing multiple hostnames under a single certificate.

Use Google Chrome DevTools if you want to check the domain names of the current site certificate:

  1. Right-click anywhere in the web browser window and click Inspect.
  2. Open the Security tab.
  3. On the Security tab, you'll see certificate validation and connection settings, including the TLS version. Click View Certificate to view certificate information.
  4. A new window will open. Go to the Details tab.
  5. Find and click Certificate Subject Alternative Name. Registered domain names will appear in the box below.

Another possible cause of a certificate name mismatch is if the domain points to an old IP address where the site no longer exists. Simply point the domain name of the old IP address to the new one to solve the problem.

Old version of TLS

The SSL Labs test identifies the TLS version your website is currently running. It should at least work with TLS 1.2, since modern browsers have stopped supporting TLS 1.0 and TLS 1.1. If the site is still using an old version of TLS, the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH may occur.

In this case, contact your web host to update the TLS version of the site.

RC4 cipher suite

The Qualys SSL Labs test also identifies the server's current cipher suite. If you are still using the RC4 cipher suite, we recommend disabling it and configuring the server to use a different cipher suite.

This is because Microsoft Edge, Google Chrome, and other browsers have removed support for the RC4 cipher suite as it is not considered secure.

That said, companies may still use the RC4 cipher suite. This is because updating the server configuration of a more complex environment is a complicated process that requires more time.

2. Set up SSL with Cloudflare

Incorrect configuration in Cloudflare and SSL settings can trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If that is the case, the SSL Labs test result will indicate that the SSL certificate is invalid.

There are two ways to configure SSL, depending on your SSL type: through the hPanel control panel and through Cloudflare.

Via hPanel for Lifetime SSL

Reconfigure SSL through hPanel and the internal Cloudflare panel if you have installed Hostinger Lifetime SSL. Follow these steps to do it:

  1. Access hPanel. Go to Websites and select the site whose SSL certificate you want to configure.
  2. In the side menu of the control panel, go to Security → SSL.
  3. Click Uninstall to disable SSL.
  4. Select the domain name and click Install SSL to turn SSL back on.

Wait until SSL is activated for your domain. Next, purge the website cache through the Cloudflare control panel.

Once you're signed in to the Cloudflare dashboard, follow these steps to purge the cache:

  1. Select Cache in the top panel of the dashboard.
  2. Go to the Settings tab.
  3. You'll find the Purge Cache section at the top. Select the Purge All button.

Wait a few minutes for the process to complete and the site should work again.

Via internal Cloudflare for universal SSL

If you have Cloudflare Universal SSL, you need to configure it in the internal Cloudflare dashboard. These are the steps to do it:

  1. Sign in to your Cloudflare dashboard.
  2. Select SSL/TLS in the top panel of the dashboard.
  3. Go to the Edge Certificates tab.
  4. Scroll to the bottom and you will find the Disable Universal SSL option. Click Turn off Universal SSL in the right column.
  5. Wait a few minutes for the process to finish and activate it again by pressing the Activate Universal SSL button.
  6. Proceed to purge the cache. Select Cache in the top panel of the dashboard.
  7. Go to the Settings tab.
  8. You'll find the Purge Cache section at the top. Select the Purge All button.

After completing all these steps, wait a few minutes and visit your website again to make sure the issue is resolved.

3. Enable TLS 1.3 support

TLS provides a secure connection between your browser and the web server. This layer is the direct successor of SSL technology.

Most web browsers, such as Google Chrome, already support TLS 1.3. However, if you are using an older version of Chrome, follow these steps to enable TLS support for your browser:

  1. Open Google Chrome.
  2. Type chrome://flags in the Chrome address bar and press Enter.
  3. Search for TLS by typing in the search field.
  4. Set TLS 1.3 support to On.

In some cases, the website you want to visit runs on TLS 1.0 or TLS 1.1. Newer browsers will reject the connection and may trigger the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.

Newer versions of Google Chrome have a feature that enforces the removal of older versions of TLS. That said, you can disable it to connect to a website with an older version of TLS by following these steps:

  1. Open Google Chrome.
  2. Type chrome://flags in the address bar and press Enter.
  3. Look for TLS.
  4. Find Enforce deprecation of legacy TLS versions.
  5. Click the drop-down menu and select Disable.

Another method is to enable all versions of TLS on the system. Here are the steps to do it:

  1. Use the Windows search bar and type Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box appears. Open the Advanced tab.
  4. You will see a box with a list of checkboxes. Scroll down until you find the Use TLS items.
  5. Check all TLS versions and click OK.
  6. Restart Chrome for the new settings to take effect.

Warning! We do not recommend maintaining this setting as it is not a safe web browsing measure. This method only confirms whether the old version of TLS on your web page is the main reason for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message.

4. Disable the QUIC protocol

The QUIC (Quick UDP Internet Connection) protocol is an experimental project developed by Google to improve the connection of web applications that use the User Datagram Protocol (UDP).

Although QUIC is known as an excellent alternative to other well-known security solutions, such as TCP, HTTP/2, and TLS/SSL, this protocol often causes warnings to appear, such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Disabling this protocol may fix the problem. These are the steps to disable it in Google Chrome:

  1. Open Google Chrome and type chrome://flags in the address bar.
  2. Search for QUIC.
  3. Find the Experimental QUIC Protocol.
  4. Open the drop-down menu and select Disable.

Important! There are other methods to disable the QUIC protocol, such as using Application Control or Firewall Policy. However, we do not recommend using them as these methods require technical knowledge.

5. Clear web history and cache

Web history and browser cache store data from the websites you have visited. Cache data, which includes text, images or files, helps the browser load the website faster on the next visit.

However, storing the old cache is a bad habit, especially if the visited sites have already updated their system. If you don't clear the cache for a long time, it may cause SSL errors and security risks.

Clearing the browser cache and restarting the browser can be a solution to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

If you use Google Chrome, follow these steps to delete the cache:

  1. Click the three vertical dots in the top right corner of Google Chrome, then select Settings.
  2. Look for the Privacy and security section. Click Clear browsing data.
  3. A pop-up window will appear. Check the Cached images and files option. Use the drop-down menu to select the time interval for deletion and click Clear data.
  4. Restart Chrome to finish the process.

Try visiting the website after you have cleared the cache. If the error persists, you may need to clear the SSL state in your browser from the operating system settings.

  1. In the Windows search bar, type Internet Options.
  2. Select Internet Options.
  3. The Internet Properties dialog box appears. Open the Content tab.
  4. Click Clear SSL State, and then click OK.

6. Disable your antivirus or firewall

Incorrect configuration of antivirus software or a firewall can cause connection security problems. One of them is the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Misconfiguration or the software certificates themselves can cause false alarms that may indicate that a secure website is dangerous.

If you want to check if it is causing the error, we recommend that you disable your antivirus software only temporarily, to avoid serious security problems.

That said, if your antivirus has automatic SSL scanning, disabling that feature should get rid of the error message without disabling the entire antivirus system.

What happens if the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error persists?

These six methods should be enough to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser. However, there may be cases where they do not solve the problem.

Older operating systems or browsers can also cause this error. To confirm if this is the issue, try opening the website on another updated device. If it works, then the error must have something to do with your browser or operating system.

Older versions of browsers may not support the latest version of technologies such as TLS 1.3. It is also possible that an old version of the operating system is the root cause, as modern browsers stop supporting them.

Reinstalling the browser should fix it. Simply uninstall the browser from your computer. Then download and install the latest version from the official website.

However, reinstalling the web browser won't fix it if you're running an older operating system like Windows XP or Windows Vista. Most likely, these operating systems are not compatible with the latest version of the browser. In this case, you need to upgrade the operating system to Windows 10.

Important! In case you already have the latest version of the operating system and web browser, but the website still displays the error, we recommend that you contact our support team to help you resolve the issue.

Conclusion

The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error occurs when the web browser and web server do not support a common version of the SSL protocol.

It can occur on websites that use Cloudflare's content delivery network and security plugins. Some reasons include an old version of TLS, a certificate name mismatch, or an incorrect configuration in the website's SSL settings.

Fortunately, there are several methods to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

  • Check your SSL/TLS certificate with Qualys SSL Labs. This will flag issues such as SSL certificate name mismatch and identify the current SSL/TLS version. Also, check if the domain points to an old IP address.
  • Set up SSL with Cloudflare by installing a new SSL certificate if the old one is outdated. Disabling, re-enabling, and purging the SSL cache through the Cloudflare dashboard may also help resolve the issue.
  • Enable TLS 1.3 support if you are using an older version of the web browser. Conversely, if you are using modern browsers and the website only supports TLS 1.0 or TLS 1.1, disable TLS 1.3 enforcement.
  • Disable the QUIC protocol in your web browser.
  • Clear your browser history and cache, as there may be some old settings interfering with the connection.
  • Clear the SSL state.
  • Temporarily disable your antivirus software to check if your antivirus settings trigger the error message. If you have automatic SSL scanning, disable it.
  • Update your web browser and operating system to the latest version to support TLS 1.3.

Finally, don't be alarmed if you encounter an unknown error message like ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Read the message carefully to find the appropriate solution to the problem. Without a proper fix, there is a high chance that the same error will occur again.
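The certificate name check from the "SSL certificate name mismatch" part of the answer above, written out as an added example (not part of the original answer): it tests a hostname against the DNS names listed under Certificate Subject Alternative Name, including the one-label rule for wildcard entries. The function names and the SAN lists are constructed for illustration.

```python
import ipaddress


def _is_ip(value):
    """True if value is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def san_matches(hostname, pattern):
    """Return True if one DNS SAN entry covers hostname."""
    host = hostname.rstrip(".").lower()
    pat = pattern.rstrip(".").lower()
    if _is_ip(host):
        return False  # IP literals are matched against IP SANs, not DNS names
    host_labels = host.split(".")
    pat_labels = pat.split(".")
    if len(host_labels) != len(pat_labels):
        return False  # a wildcard stands for exactly one label
    if pat_labels[0] == "*":
        # Require two literal labels after the wildcard, so "*.com" is refused.
        return len(pat_labels) >= 3 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels


def check_certificate_names(hostname, dns_sans):
    """Report which SAN entries, if any, cover the hostname being visited."""
    covering = [p for p in dns_sans if san_matches(hostname, p)]
    return {"hostname": hostname, "covered": bool(covering), "matched_by": covering}


# Constructed SAN lists, as they would appear in the certificate details.
WWW_ONLY = ["www.example.com"]
WILDCARD = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for host, sans in [("example.com", WWW_ONLY),
                       ("shop.example.com", WILDCARD),
                       ("example.com", WILDCARD),
                       ("example.com", WILDCARD_PLUS_APEX)]:
        print(check_certificate_names(host, sans), "<-", sans)
```

A wildcard entry covers one level of subdomain only, so a certificate for *.example.com still mismatches on the bare example.com unless that name is listed as well.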
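The version and cipher suite negotiation described in the answer's TLS handshake, "Old version of TLS" and "RC4 cipher suite" parts, as an added example that is not part of the original answer. It is a simplified model, not a TLS implementation: the client and server profiles are constructed, and the model assumes the server picks the newest common version and then the first usable suite in its own preference order.

```python
# Simplified model of TLS parameter negotiation (constructed data).
VERSIONS = ["TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1.0"]  # newest first
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256"}


def suite_usable(suite, version):
    """TLS 1.3 has its own suites; AEAD suites need at least TLS 1.2."""
    if suite in TLS13_SUITES:
        return version == "TLSv1.3"
    if version == "TLSv1.3":
        return False
    if "GCM" in suite or "CHACHA20" in suite:
        return version == "TLSv1.2"
    return True


def negotiate(client, server):
    """Return the agreed version and suite, or the alert that ends the handshake."""
    common = [v for v in VERSIONS
              if v in client["versions"] and v in server["versions"]]
    if not common:
        return {"ok": False, "alert": "protocol_version"}
    version = common[0]
    for suite in server["suites"]:  # server preference order
        if suite in client["suites"] and suite_usable(suite, version):
            return {"ok": True, "version": version, "suite": suite}
    return {"ok": False, "alert": "handshake_failure", "version": version}


# Constructed profiles for illustration.
MODERN_BROWSER = {
    "versions": ["TLSv1.3", "TLSv1.2"],
    "suites": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
}
CURRENT_SERVER = {
    "versions": ["TLSv1.3", "TLSv1.2"],
    "suites": ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
}
LEGACY_SERVER = {  # only TLS 1.0/1.1: no version in common with the browser
    "versions": ["TLSv1.1", "TLSv1.0"],
    "suites": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"],
}
RC4_ONLY_SERVER = {  # version overlaps, but every offered suite is RC4
    "versions": ["TLSv1.2", "TLSv1.1", "TLSv1.0"],
    "suites": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"],
}

if __name__ == "__main__":
    for name, srv in [("current", CURRENT_SERVER), ("legacy", LEGACY_SERVER),
                      ("rc4-only", RC4_ONLY_SERVER)]:
        print(name, negotiate(MODERN_BROWSER, srv))
```

Both failing cases leave the two sides without a common protocol version or cipher suite, which is the condition the error message names; the fix in each case is on the server (a newer TLS version, or a non-RC4 suite).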
