If you see an error in your browser stating ‘err_ssl_version_or_cipher_mismatch’, then you have an SSL certificate problem. This troubleshooting guide will explain how SSL certificates and TLS work to safely connect websites to users. You will find 7 reasons and 7 solutions, aimed at both website administrators and end-users to help resolve this pesky browser error.
What does err_ssl_version_or_cipher_mismatch mean?
The err_ssl_version_or_cipher_mismatch browser error is technically an SSL certificate error, but it can be linked to a few different causes. To give you a good understanding of this error, let’s start with the basics of SSL certificates and TLS protocols.
SSL Certificates
Secure Sockets Layer (SSL) certificates are an important part of cybersecurity. Every secure domain will have an SSL certificate to authenticate the website. A website’s information is encrypted during data transfer and needs to be decrypted at the destination with the proper decryption key.
Anytime you access a website, look at the address bar. Any domain name with a padlock and HTTPS protocol is protected using an SSL certificate. When entering personal information of any kind, you want to be sure that you are using a website with an SSL certificate.
TLS Protocols
TLS stands for Transport Layer Security and is a cryptographic protocol that encrypts data sent across the internet. TLS protects data from sender to receiver to prevent any malicious actors from altering or seeing the data that is being sent. TLS is actually the successor of SSL. SSL 3.0 was used until 2015, when it was finally depreciated. TLS 1.2 should now be used over any previous cryptographic protocols, but TLS 1.3 may replace TLS 1.2 in the next few years.
What causes the err_ssl_version_or_cipher_mismatch error?
Seven primary reasons may cause the err_ssl_version_or_cipher_mismatch error in a browser:
- Outdated operating system or browser. (For end-users)
Outdated browsers and operating systems may not properly support updated TLS protocols. - Outdated TLS version. (For website administrators)
If your website server uses an older version of TLS, namely 1.0 or 1.1, that is no longer supported by newer browsers, this error may plague your users. - Invalid SSL Certificate. (For website administrators)
Check that your SSL certificate is valid and has not expired, as users cannot access your site without a valid SSL. - SSL Certificate domain name mismatch. (For website administrators)
When you purchase your SSL certificate, you provide a domain name. If the domain name of your website does not match what was assigned to your SSL certificate, this error (or another SSL error) may appear. - Outdated Browser Cache. (For end-users)
Clear your browser cache in case the website’s SSL has been updated. - Antivirus Interactions. (For-end users)
Antivirus software can block websites and trigger this SSL certificate if misconfigured.
Proven solutions to fix the err_ssl_version_or_cipher_mismatch error
The solutions presented in this guide are broken down into solutions for either website administrators or end-users.
Website administrators will be able to resolve the err_ssl_version_ or_cipher_mismatch error when caused by SSL certificate issues, SSL certificate domain name mismatches, TLS version mismatches, and RC4 cipher suite issues.
End-users will find solutions to resolve the error if it is caused by an outdated operating system or browser, browser cache issues, or antivirus interference issues.
For website administrators
1. Check that your SSL certificate is valid
You can verify the SSL status for your website by using an easy tool provided by Qualys, Inc.:
- Open Google Chrome and navigate to the SSL Server Test provided by Qualys SSL Labs located at https://www.ssllabs.com/ssltest/.
- Enter your website’s address into the Hostname field and press the Submit button.
- Review the SSL report, including summary and certificate information. Under your certificate, check that Trusted is green and marked as Yes and that Revocation Status is Good (Not revoked).
2. Check for SSL certificate domain name mismatch
Your website may have a valid SSL certificate, but if the domain name doesn’t match the certificate or it comes from an untrusted provider, your website may still display this error. You can also check for this mismatch using the SSL Server Test tool from the first solution. Or you can easily identify a domain name mismatch from your SSL certificate by following these steps in Google Chrome:
- Open Google Chrome and enter your website’s URL address into the address bar. Press Enter to attempt to reach your website.
- When the website displays the err_ssl_version_ or_cipher_mismatch error, a “Not Secure” message and a caution symbol will be displayed first in the address bar. Click on this warning.
- In the drop-down menu, find and click on Certificate (Invalid).
- A window will open and display SSL certificate details for your site.
- Check that the domain name listed here matches the domain name in the address bar. If not, you will need to remove this bad certificate and install a new one.
If you are using a Wildcard SSL certificate, your SSL certificate may not be set up to cover the subdomain you are trying to access. For example, you may have different subdomains set up like store.site.com or internal.site.com. If your certificate was not properly and specifically configured to recognize both of these subdomains, the err_ssl_version_ or_cipher_mismatch error may be thrown. List all subdomains you intend to use for encryption on the SSL certificate.
3. Verify that your TLS version is not outdated
You need to check that your website’s SSL certificate encrypts communications using the correct TLS protocol. If your site is running an older version of TLS, your users may experience this error and be unable to access your site. In this solution, you will again be using the SSL Server Test from Qualys Labs:
- Open Google Chrome and navigate to the SSL Server Test tool provided by Qualys SSL Labs located at https://www.ssllabs.com/ssltest/.
- Enter your website’s address into the Hostname field and press the Submit button.
- Scroll down the SSL report page to the Configuration section. Find Protocols and check that your site supports a current version of TLS. Either TLS 1.2 or TLS 1.3 is acceptable.
- If your site does not support TLS 1.2 or 1.3, you may need to purchase another SSL certificate from a trusted provider. You can consult with support to make sure you select the SSL certificate with updated TLS protocols.
If you are looking for a trusted SSL certificate provider, check out DigiCert, Comodo SSL, Entrust, or Geotrust.
4. Check RC4 cipher suite
The RC4 cipher is no longer considered secure. If you cannot enable TLS 1.2 or 1.3, you will need to disable RC4 suites from your website server’s SSL configuration. Your website should not need RC4 except for legacy applications.
- Open Google Chrome and navigate to the SSL Server Test provided by Qualys SSL Labs located at https://www.ssllabs.com/ssltest/.
- Enter your website’s address into the Hostname field and press the Submit button.
- Scroll down the SSL report page to the Configuration section.
- Find Cipher Suites and check to see if your site is not using RC4 cipher suites. The first image below displays a domain using this insecure form of cipher, while the second image shows the correct application of TLS 1.2 and 1.3 cipher suites, namely AES.
- If your site fails this test, contact your SSL provider and see if you can get a new SSL certificate with the updated TLS and cipher suites.
For end-users
1. Check that Google Chrome and Windows 10 are up-to-date
If your operating system or browser is outdated, the err_ssl_version_ or_cipher_mismatch error may appear when you try to access certain websites. This solution will explain how to update Google Chrome and Windows 10. If you are not using Google Chrome, check out the documentation associated with updating your preferred browser:
To check that both are fully updated:
- Click the Windows icon on the taskbar and search for Windows updates. Select Check for updates.
- The settings page for Windows Update will open. Find and click Check for updates.
- Windows Update will search for any updates that need to be applied to your operating system. You will then be given the option to update.
- Next, open Google Chrome. Click the three ellipses in the right-hand corner and hover over Help. Click About Google Chrome.
- Google Chrome’s settings window will open. Google Chrome will automatically check for any updates and apply them with no further action on your part.
- Restart your computer if you have applied any Windows updates. Then, restart Google Chrome and check if the error has been resolved.
2. Clear SSL State and Browser Cache
A website may have updated its SSL certificate recently, while your browser still has cached information from that website from when you previously visited. The browser cache helps speed up connection and page load times, but you will run into errors if your browser cache and SSL state are outdated. However, if you know for a fact that you’ve never visited this specific site, this solution may not work.
To clear your SSL state and cache to eliminate this as the source of the err_ssl_version_ or_cipher_mismatch error problem:
- Click the Windows icon on the taskbar and search for Internet Options. Select Internet Options.
- The Internet Properties window will open. Navigate to the Content tab.
- Under the Certificates heading, find Clear SSL State. Click, and a pop-up window will open, telling you the SSL Cache Cleared Successfully.
- Next, open Google Chrome. Select the three ellipses in the top right corner and hover over More tools. Select “Clear Browsing Data…” from the options.
- Set your Time range to All Time and click Clear Data.
- Now try to access the website that was triggering the error previously to see if this has solved the problem.
3. Temporarily disable antivirus software
Antivirus software is an important security component of your computer. Without antivirus software, your system can become infected with malware. At the same time, antivirus software can also cause some unintended consequences. For example, your antivirus software may inadvertently interfere with outgoing and incoming connections, causing browser errors. To verify that your antivirus software isn’t causing the err_ssl_version_or_cipher_mismatch error:
- Open your antivirus software, which may be Malwarebytes, Avast, McAfee, Norton, or another option.
- Look for a setting called HTTPS Scanning. If this setting is turned off, toggle it on. If this setting is turned on, toggle it off.
- Open Chrome and see if you can connect to the website you were experiencing the error on.
HTTPS scanning is a feature that may be provided by your antivirus software. The software will decrypt all HTTPS connections and scan them to check for any malware. This may help your antivirus software to bypass any SSL certificate validation problem you may be experiencing. Conversely, HTTPS scanning can sometimes cause problems with browsers and need to be turned off.
Fixing the err_ssl_version_ or_cipher_mismatch error related to Cloudflare
Cloudflare offers excellent security features, including DDoS protection and SSL certificates. It also acts as CDN, speeding up the load speeds of your website or application.
Cloudflare works by sitting in between the end-user and the web address they try to reach. Because all web traffic flows through Cloudflare in this setup, it is critical that you configure settings correctly to avoid issues like the err_ssl_version_ or_cipher_mismatch SSL error.
1. Check Universal SSL settings
Cloudflare issues publicly trusted, free SSL certificates as part of their Universal SSL feature. To verify that your Universal SSL is active and configured correctly:
- Log in to your Cloudflare account.
- Navigate to the SSL/TLS section using the top menu.
- Click on Edge Certificates.
- Verify that your SSL certificate has Active status.
- While on the same tab, also make sure that Always Use HTTPS is enabled.
- Next, navigate to the overview tab and verify that the security mode is set to Full (strict) as recommended by Cloudflare.
For more information on Universal SSL, read Cloudflare’s documentation.
2. Consider purchasing an Advanced certificate
Universal SSL has some limitations, most notably when it comes to subdomain management because it only supports first-level subdomains like yourdomain.com or *.yourdomain.com. So, if you are trying to reach your page at *.*.yourdomain.com, you will run into an SSL error like err_ssl_version_ or_cipher_mismatch.
You can add SSL support for additional levels of subdomains by upgrading to an Advanced certificate or by uploading a Custom certificate.
If you need additional support with this issue, make sure to reach out to Cloudflare support. They have an excellent support team who will be happy to further assist you in resolving your err_ssl_version_ or_cipher_mismatch SSL error on Cloudflare.
Err_ssl_version_or_cipher_mismatch error solved
The solutions provided in this troubleshooting guide are designed to help both website administrators or developers and end-users fix the err_ssl_version_or_cipher_mismatch error. Website administrators need to check that their SSL certificate is valid and set to the correct domain name. They also need to check that their SSL certificate supports TLS 1.2 or 1.3 protocols and that the RC4 cipher suite is not in use. Users need to check that their browser and operating system are updated, clear their browser cache, and check their antivirus software for conflicts.
If you are a website administrator unable to identify the issue causing this problem, please contact the company you purchased your SSL certificate from. They will have a robust technical support department to help with complex SSL certificate authentication problems. If you are a user and still have not resolved this problem, you may need to reach out to the site’s administrator to see if they are aware of the problem.
