How To Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Table of Contents
Not being able to access a website can get pretty frustrating. A common error code that may appear when you’re trying to reach a website is:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH usually appears when there’s a mismatch between the SSL certificate and the browser. A website’s SSL certificate is checked by the browser to ensure that the website can offer secure connection for the user. This means that any private details you may enter – from passwords to credit card information – remain safe and private.
However, the browser may distrust a website’s SSL certificate for a number of reasons, which we’ll briefly go over in the next section.
As annoying as this error message is, there are a few simple ways to fix it! Whether it’s popping up on your own website or another web page you’re trying to visit, just try one of these easy solutions to get it fixed!
What Does ERR_SSL_VERSION_OR_CIPHER_MISMATCH Mean?
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error means that the server and the client have failed to establish a secure connection. This happens during the TLS handshake – a process that takes place when you access a website, wherein the SSL certificate is checked against the issuing authority by the browser.
The main reason this happens is when the browser and server don’t have a cipher in common, i.e. can’t understand each other’s languages. This may happen if the SSL certificate is using an outdated, older code, or if the browser or operating system are old versions that may not support some up-to-date certificates.
Here are several reasons that may be causing this issue:
- Your browser or operating system are older versions that don’t support new formats.
- The browser doesn’t recognize the certificate’s issuing company/authority.
- The certificate type is outdated.
- Your antivirus has some problems with the website you’re trying to access.
So let’s look at some ways in which you can fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
How To Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Check if Your Browser is Up-To-Date
Let’s start with the easiest solution you can try – checking if your browser is up-to-date. We will use Chrome as an example.
While Chrome normally updates itself automatically, you may have automatic updates turned off, or it may have failed to update due to a random glitch. An older version of Chrome (or any browser) may be causing this error code to appear.
To check if Chrome is up-to-date and update it:
- Go to Chrome browser menu > Help > About Google Chrome.
Open Help to see if Google is up-to-date
- Check for updates. As soon as you open the window, Chrome will automatically check if it’s up to date. If it isn’t, it will automatically start updating itself – or if you’ve disabled automatic updates, you’ll have to click on Update to proceed.
Chrome will check for updates, and then automatically update itself
- Relaunch your browser. Once Chrome is updated, you need to restart the browser for the changes to take place. Click on Relaunch.
Relaunch Chrome to implement the latest updates
- Re-open the website. At this point, you can try re-opening the website that was displaying the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. If the issue was an outdated browser version, you’ll now be able to access the website!
Clear the SSL State On Your PC
Another easy way to try to fix this error is by clearing the SSL state on your PC. This is another solution based on the premise that the issue is with the browser rather than the server (i.e. the SSL certificate itself).
Sometimes, your browser cache can tip the scales and cause a glitch. Same goes for the SSL state. Here’s how to clear the SSL state on your PC:
- Go to Control Panel > Internet Options > Content from the top tab options.
- Click on Clear SSL state, then press OK.
Clear the SSL state from your PC to fix the error
- Relaunch your browser. Restart Chrome (or any browser you’re using) and try opening the website that was displaying the error message. Hopefully, this worked!
Run an SSL Server Test
If none of the previous solutions worked, it may mean that the issue is with the SSL certificate. This method is something you can try for any website, but it’s especially useful if the error is appearing on your own website. A free SSL server test can help you figure out what the problem is, and how to fix it.
Qualys offers free SSL server tests. All you need to do is enter your website domain, and hit enter.
Qualys offers a free SSL server test
The website will take a couple of minutes to process the information, and then show you the results.
This is what you results will look is everything is fine
While our website’s SSL report, as you can see, shows good performance, it’s not always the case. If there are any issues, Qualys will specify them.
A common issue that causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is a certificate name mismatch. This can happen if:
- The website no longer exists, but the domain is still connected to its old IP address, where a new website is hosted.
- The CDN (content delivery network) used by the site doesn’t support SSL.
- The website doesn’t use SSL, but the IP address is shared with a site that does.
- The alias of the domain name is different from the name, and the alias was not specified when the SSL certificate was obtained.
There’s another easy way to check if the issue is a certificate name mismatch.
Check if There’s A Certificate Name Mismatch
The easiest way to check if there’s a certificate name mismatch is:
- Open the website, then go to Chrome Settings > More Tools > Developer Tools. Alternatively, just right-click anywhere on the website and select Inspect.
- Select Security from the tabs on the top of the window, then click on View Certificate.
Certificate name matches
As you can see, the name of the website’s domain (bbc.com) matches the name that the certificate is issued to (bbc.com).
If there’s a mismatch between the domain name and the name that the SSL certificate has been issued to, this may cause the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
However, this is not always the case. Remember when we mentioned the website alias? Like, a minute ago? Let’s reiterate:
This error message can be caused if the alias of the domain name is different from the domain name, and the alias was not specified when the SSL certificate was obtained.
So to make sure that the issue is caused by certificate name mismatch, you should always check the alias, too.
So, let’s assume that the certificate is issued to a name that is not the same as the domain name you entered, like in this case:
The certificate was issued to a domain which isn’t domainnameinsanity.com
As you can see, the certificate wasn’t issued to the domain name of our website, domainnameinsanity.com. But this doesn’t mean that we have trouble with the SSL certificate. Why? Because dommainnameinsanity.com is listed as an alias to the domain name.
To check if the alias has been specified when the certificate was issued, open Details > Subject Alternative Name. A list will appear on the bottom, and check if the alias is listed.
The alias domain name is specified under Subject Alternative Name
Check if TLS 1.3 Support is Enabled
While most browsers already have TLS 1.3 enabled, an older browser version may not.
TLS (Transport Layer Security) is that TLS handshake we mentioned earlier – it checks the website certificate against the certifying authority, so as to ensure that the connection between the client (browser) and the server is secure.
To enable TLS 1.3 support:
- Open Chrome and type chrome://flags into the search bar.
- Click CTRL+F and type in TLS 1.3 to find the bar quicker.
- From the scroll-down menu, make sure that it’s marked Enabled.
Older TLS Versions
While most current websites use 1.3 TLS, some use older versions, such as TLS 1.2. Check if the website’s TLS is one of the older versions, and then enable the support for the matching TLS from the same chrome://flags window.
Keep in mind, however, that older TLS versions are not as secure! So proceed with caution, and if you are the website’s owner, update your TLS!
Disable Antivirus Temporarily
As helpful as antivirus software is, it may be messing with your browser settings.
Sometimes, in addition to the regular TLS handshake and SSL certificate security procedures, antiviruses add additional layers of protection filters, which may be causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Try temporarily disabling your antivirus program and try accessing the website again. If it opens, the problem was likely caused by the program’s security settings.
View Related Articles
But what are redirects, and why are they important? What are the different types of redirects? We’ll fill you in on everything you need to know about redirects, and most importantly – how to do them on your WordPress site.
What are the benefits of opting for a dedicated IP? And perhaps most important of all – do you really need one? Let’s take a closer look at all the questions surrounding dedicated IPs so that you can better understand who needs a dedicated IP and when.
Creating a website and publishing it online may sound intimidating. Beginners often worry that they need a lot of technical know-how and a decent level of programming skills to get a website up and running. However, this hasn’t been true for a long, long time.