How to Fix Chrome’s ERR_SSL_VERSION_OR_CIPHER_MISMATCH Errors

If you come across the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH when trying to access a website, it may be due to the site using an outdated and unsupported version of TLS.

Whenever you visit a website that uses HTTPS, there are several steps that take place between your browser and the webserver to ensure that the SSL/TLS connection and certificate are valid. These steps include the TLS handshake, verification of the certificate against the certificate authority, and decryption of the certificate.

What is the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?

SSL errors can occur when your web browser detects an issue with the website’s SSL certificate. The SSL of a website is checked automatically by your browser whenever you try to connect to it. This is done to verify that the website is authentic and has implemented the correct protocol to secure your connection.

The process is known as a TLS handshake, which is a protocol that ensures secure communication between a user’s computer and a web server. Suppose your browser detects a misconfiguration or an unsupported version of the SSL. In that case, it may display an SSL error such as “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.

This error prevents you from accessing the site. These types of errors may appear slightly different depending on your browser and operating system.

Error variations

Other variations of this type of error include:

• Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error
• The client and server don’t support a common SSL protocol version or cipher suite.
• [This website] uses an unsupported protocol. Err_ssl_version_or_cipher_mismatch

What causes ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors?

The error message “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” usually occurs on older web browsers or operating systems. This message is a security measure built into the browser to prevent you from accessing potentially unsafe websites.

It may indicate that the website is using an outdated or unsupported version of a protocol that has security vulnerabilities. This could cause harm to your device or compromise any information you provide to the website.

Causes of the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error message can include:

• Outdated operating systems or browsers
• Misconfigured or expired SSL certificates
• Outdated TLS versions
• Unsupported SSL protocols or cipher suites
• Google’s QUIC protocol
• Local network or device issues
• Cached browser data
• Antivirus programs and firewalls

It’s worth noting that this error only affects websites that use SSL certificates and HTTPS encryption, which can be identified by a padlock icon in the URL bar.

Services like Cloudflare CDN and other security add-ons can also contribute to this issue. By identifying the exact cause of the error, whether it’s an issue with the website or your own system, you can take the necessary steps to resolve the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error and safely access the website.

How to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors

Because the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error is often due to a problem with the web server or SSL configuration, you might not be able to fix it if you’re not the website owner. While there are some things you can do to correct problems on your end, it’s likely that the issue lies with the website, and you’ll need to wait until the owner resolves the issue.

Start with some basic troubleshooting to make sure the error’s not coming from a problem with your computer or network. Check the error between each step to see if it resolved the error.

Restart the computer and network connection

Sometimes, all you need is a fresh start. Restarting the computer and power cycling network devices like routers and modems can eliminate many possible problems.

Try an Incognito window

Try opening the website in an incognito window. This can bypass saved browsing data that may interfere with accessing the site.

1. Open Chrome on your computer.
2. Click on the “More” button (three vertical dots) at the top right corner, then choose “New Incognito Window.”
3. A new window will open. Verify that the Incognito icon (which looks like a spy or detective) is in the top corner.

Additionally, you can use keyboard shortcuts to open an Incognito window:

• For Windows, Linux, or Chrome OS: Press `Ctrl + Shift + n`.
• For Mac: Press `Command (⌘) + Shift + n`.

Clear browser history and data

Clearing your web history and cache in Google Chrome can often resolve issues like the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error. The browser cache, which stores data like text, images, and files from visited websites, speeds up page loading. However, outdated cache data can lead to SSL errors and pose security risks.

Here’s how to clear your cache in Chrome:

1. Click the three vertical dots in the top right corner of Google Chrome and select “Settings.”
2. Scroll down to the “Privacy and security” section and click “Clear browsing data.”
3. In the pop-up window, check the box for “Cached images and files.” Choose a time range for deletion from the drop-down menu and click “Clear data.”
   
   
4. Close and reopen Chrome to complete the process.

After clearing the cache, try reaccessing the website. If the error continues, you might need to clear the SSL state in your operating system:

1. Use the search in the taskbar and type “Internet Options,” then select it.
2. In the Internet Properties dialog, go to the “Content” tab and click on “Clear SSL State,” then confirm by clicking “OK.”
   
   

Update your browser

Update to the latest version of your browser to ensure the broadest support and best experience. Outdated browsers may not support current SSL/TLS protocols.

To update Google Chrome:

1. Open Chrome on your computer.
2. Click the “More” button (three vertical dots) at the top right corner.
3. Select “Help” followed by “About Google Chrome.”
4. Click the “Update Google Chrome” button if available. (Note: If this option is not visible, it means you are already using the latest version.)
5. Finally, click “Relaunch” to complete the update process.

Check your system date and time

Make sure that the computer’s time and date are accurate. A mismatch could cause ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors.

On Windows:

1. Click on the Start menu (Windows icon) and select “Settings” (gear icon).
2. In the Settings window, click on “Time & Language.”
3. Date & Time Settings:
   1. Automatic Setting: To have Windows set the date and time automatically, ensure the toggles for “Set time automatically” and “Set time zone automatically” are switched on. This requires an active internet connection.
   2. Manual Setting: If you need to set the date and time manually, turn off “Set time automatically.” Then, click “Change” under “Set the date and time manually” to input your preferred date and time.
4. If the time zone isn’t set automatically, you can select your correct time zone from the drop-down menu under “Time zone.”
5. For more detailed time settings like adjusting for daylight saving time, click on “Additional date, time, & regional settings.” This will direct you to the traditional Control Panel, where you can make further adjustments.
6. Once you have set the date and time, close the Settings window. Changes will be saved automatically.

On a Mac:

1. Click on the Apple icon in the top left corner of your screen, then select “System Preferences” from the drop-down menu.
2. Click on the “Date & Time” icon. If this section is locked, click the lock icon at the bottom left of the window and enter your administrator password to make changes.
3. Check or Set Date and Time:
   1. Automatic Setting: For automatic date and time, check the box “Set date and time automatically.” Ensure your Mac is connected to the internet for accurate synchronization.
   2. Manual Setting: If you prefer to set the date and time manually, uncheck the automatic setting box. You can then click on the current date and time to adjust them manually.
4. Go to the “Time Zone” tab to ensure your Mac is set to the correct location. You can set the time zone automatically by checking “Set time zone automatically using current location” or manually clicking on the map.
5. Your changes will be saved automatically. Close the window when you are done.

Hopefully one of the general troubleshooting tips above solved the problem. If not, there are a few more things you can try.

Clear Chrome’s SSL state

Clearing the SSL state in Chrome can help resolve synchronization issues and fix errors like ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’.

Here’s how you can clear the SSL state on Windows:

1. Click the Windows icon, type “Internet Options,” and press Enter.
2. Go to the “Content” tab and click on “Clear SSL state,” then press “OK.”
   
   
3. Close and reopen Chrome to apply the changes.

Mac users can delete certificates manually:

1. Go to Finder, select “Go” from the top menu, then “Utilities,” and open “KeyChain Access.”
2. In the KeyChain Access window, click “System” in the left pane.
3. Find the certificate you wish to remove, click on it, select “Edit” from the menu bar, and click “Delete.” Confirm the deletion when prompted.
4. Enter your password to authorize the changes to the keychain.
5. The certificate should now be removed from the list.

Restart Chrome and see if that resolves the error. These steps should be taken cautiously, especially when removing certificates on a Mac, as incorrect changes can affect your system’s security.

Enable support for TLS 1.3

Enabling TLS 1.3 support in your browser is an important step for secure web browsing. TLS (Transport Layer Security) is the updated version of SSL technology, providing a secure connection between your browser and web servers.

Here’s how you can enable TLS 1.3 in Google Chrome, particularly if you’re using an older version:

1. Start by launching the Chrome browser.
2. In the address bar, type `chrome://flags` and press Enter.
3. In the search field on this page, type “TLS” to find the relevant settings. Look for TLS 1.3 and set it to ‘Enable’.

However, be aware that some websites still run on older TLS versions like 1.0 or 1.1. Newer browsers may reject connections to these sites, leading to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. To address this:

1. In Chrome, type `chrome://flags` in the address bar again and press Enter
2. Search for TLS
3. Find the option for ‘Enforce deprecation of legacy TLS versions’. Set this to ‘Disable’.

Another approach is to enable all versions of TLS in your system settings:

1. Click the Windows icon, type Internet Options, and press Enter.
2. Go to the ‘Advanced’ tab in the Internet Properties dialog box.
3. Find the ‘Use TLS’ items in the list, check all available TLS versions, and click ‘OK’.
   
   

After making these changes, restart Chrome for the new settings to take effect.

Caution: While enabling all TLS versions can help identify if an outdated TLS version is causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, it is not a recommended long-term browsing setting. Older TLS versions can expose you to security risks, so this method should only be used for diagnostic purposes.

Disable Chrome’s QUIC protocol

Disabling the QUIC (Quick UDP Internet Connections) protocol in Google Chrome might resolve issues like the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error. QUIC, developed by Google, aims to enhance web application connections using UDP (User Datagram Protocol). While it’s an advanced alternative to TCP, HTTP/2, and traditional TLS/SSL, QUIC can sometimes cause browser warnings.

Here’s how to disable QUIC in Google Chrome:

1. Launch your Chrome browser.
2. In the address bar, enter chrome://flags and press Enter.
3. Use the search function on this page to look for “QUIC.”
4. Locate the ‘Experimental QUIC Protocol’ setting and select ‘Disable’ in the drop-down menu.
   
   

Temporarily disable antivirus software and firewall

If you continue to encounter the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error after trying other solutions, it might be worthwhile to disable your antivirus or firewall temporarily. Sometimes, antivirus programs can interfere with your browser’s secure connections due to their own security layers or certificates.

General instructions for turning off antivirus protection:

The steps can vary depending on the antivirus program you use, but here’s a general guide:

1. Usually, you’ll find it in the system tray on the taskbar (bottom-right corner of your screen). It may be hidden, in which case you’ll need to click the upward arrow to show all tray icons.
2. Right-click the antivirus icon and select the option to open the main antivirus window.
3. Look for a settings or configuration tab. This is often indicated by a gear icon.
4. Find the section for real-time protection or similar. There should be an option to turn it off. Some programs may ask you to specify how long you want to disable protection.

Turning Off Firewall on Windows:

1. Type “Control Panel” in the Windows search bar and open it.
2. Click “System and Security,” then “Windows Defender Firewall.”
3. In the left sidebar, click “Turn Windows Firewall on or off.”
   
   
4. Choose “Turn off Windows Defender Firewall” under both private and public network settings. Be cautious with this setting, especially on a public network.
5. Click “OK” to apply the changes.

Turning Off the Firewall on a Mac:

1. Click on the Apple icon in the top left corner of your screen and select “System Preferences.”
2. Click on the “Security & Privacy” icon.
3. Click the “Firewall” tab. You might need to unlock the settings by clicking the lock icon in the bottom left corner and entering your administrator password.
4. Click “Turn Off Firewall” to disable it.
   
   

Important Notes

• Remember to turn your antivirus and firewall back on as soon as you’ve completed the task that required their deactivation.
• If you are unsure or uncomfortable with these steps, it may be wise to consult with a tech professional.
• Regularly check for and install updates for your antivirus and firewall to ensure you have the latest protection.

Disabling these security features should only be a temporary measure for troubleshooting specific issues and not used as a long-term solution.

Update to a newer operating system

Upgrading to a newer operating system is crucial for maintaining online security and compatibility with current technologies like TLS 1.3 and modern cipher suites. Older operating systems become outdated and lose support for these technologies, leading to issues with SSL certificates and secure connections. For instance, Google Chrome ceased support for Windows XP in 2015.

An up-to-date operating system ensures that your browser and other applications can utilize the latest security protocols, providing better protection against vulnerabilities. It’s advisable to upgrade to recent versions of operating systems, such as Windows 10 or the latest version of macOS, to ensure compatibility with new technologies and continued support for security updates.

This upgrade enhances online security and provides smoother and more efficient computer operation.

How to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors on a site you own

If you own the site experiencing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error it’s important to get the site up and running as soon as possible to mitigate any potentially negative impact on SEO or user experience. This error indicates a problem with SSL, so start by verifying the certificate works and is configured correctly.

Check the SSL certificate

When encountering the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error on your own website, a smart first step is to check the SSL certificate using an online tool like Qualys SSL Labs. This straightforward process involves entering the website’s URL into the tool, which then analyzes the site’s SSL/TLS certificate and server configuration.

The analysis covers several key areas:

• It checks if the SSL/TLS certificate is valid and trusted.
• The tool examines the website’s support for protocol, key exchange, and ciphers.

Qualys SSL Labs rates the SSL connection and identifies potential mismatches or issues with the server. It can also reveal if the SSL/TLS certificate is outdated and needs an update. Common problems detected by the tool include:

• SSL certificate name mismatches.
• Usage of old TLS versions.
• The presence of the now-obsolete RC4 cipher suite.

For privacy concerns, there’s an option to hide the test results from public view. Be aware that the scanning process might take a couple of minutes. This tool is an effective way to diagnose and understand SSL-related issues, helping to ensure a secure and reliable website experience.

Check for mismatched certificate names

The domain name in the SSL certificate should match the website’s URL. A common cause of the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error is a certificate name mismatch, where the domain name on the SSL certificate doesn’t align with the URL in the browser. Tools like Chrome DevTools or SSL Labs can help identify and diagnose this issue. Mismatches can occur in various scenarios, such as:

• The site doesn’t use SSL but shares an IP address with a site that does.
• The site doesn’t have an SSL certificate, but it shares an IP address with a different website that does use SSL.
• The site no longer exists, but its domain still points to an old IP address, now used by a different site. Updating the domain to point to the correct IP address can resolve this.
• The site uses a CDN that lacks proper SSL support or is misconfigured.
• The alias used in the certificate doesn’t match the actual site name.

For instance, a mismatch happens if the SSL certificate lists `www.example.com`, but you access the site via `https://example.com`. Redirection from non-www to www (or vice versa) or using wildcard certificates that cover multiple hostnames can prevent this problem. To manually inspect the certificate, use Chrome DevTools:

1. Right-click in the browser window and select “Inspect.”
2. Navigate to the “Security” tab to view certificate validation and connection settings.
3. Click “View certificate” and then the “Details” tab.
   
   
4. Look for “Subject Alternative Name” to see the registered domain names.
   
   

While wildcard certificates offer flexibility, for most sites, the domain names should match exactly. If the error prevents checking via Chrome DevTools, SSL Labs remains a valuable alternative for this analysis.

Check your TLS version

A key factor that might cause the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error is the use of an outdated TLS (Transport Layer Security) version on the web server. Modern security standards recommend using at least TLS version 1.2, preferably TLS 1.3, for optimal security and compatibility.

Websites operating on older TLS versions are more likely to encounter this error. For those using services like 10Web, the TLS versions are routinely updated to the latest supported versions, alleviating concerns about outdated protocols.

However, if you’re not using such a service, it’s essential to check the TLS version of your site. You can use tools like Qualys SSL Labs, which assess the server’s configuration and display the current TLS version.

If the tool indicates an outdated version, you should contact your web hosting provider and request an upgrade to a more recent TLS version.

Check RC4 cipher suite

The error message ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ may appear if your website server uses the RC4 cipher suite. This outdated encryption method has been recognized as insecure and, as a result, was removed from Google Chrome (beginning with version 48).

Although it is now uncommon to use this cipher suite, some larger enterprise systems may still be using RC4 due to the slow pace of updates and upgrades in complex IT environments.

It is highly recommended by security experts, as well as companies like Google and Microsoft, to avoid using RC4. If your server still relies on this cipher suite, it is best to disable it and switch to a more secure and up-to-date option. To determine if your server is using RC4, you can use tools such as Qualys SSL Labs, which offers detailed information on your server’s current cipher suite configuration.

Configure Cloudflare and SSL

Configuring SSL correctly with Cloudflare is crucial to avoid the ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error. Misconfigurations in Cloudflare’s SSL settings can lead to this error, often indicated by SSL Labs test results showing the SSL certificate as invalid. If you’re using Cloudflare’s Universal SSL, here are the steps to configure it properly:

1. Log into your Cloudflare account and go to the dashboard.
2. In the top panel of the dashboard, click on the SSL/TLS option.
3. Go to the Edge Certificates tab.
4. Scroll to the bottom of this tab and click “Disable Universal SSL” in the right column.
   
5. After a few minutes, reactivate Universal SSL by clicking “Enable Universal SSL.”
6. Go back to the main panel and select “Caching.” Under the Configuration tab, find the “Purge Cache” section and click “Purge Everything.”
   
   

Key takeaways

The ‘ERR_SSL_VERSION_OR_CIPHER_MISMATCH’ error is a problem that can occur when there is a disagreement between the SSL protocol version used by your web browser and the server hosting a website. This error is common but can be fixed. There are several reasons why this might happen, such as outdated TLS versions, SSL certificate mismatches, or configuration errors.

To fix SSL/TLS errors, you can try these steps:

1. Check SSL/TLS Certificates using tools like Qualys SSL Labs.
2. Configure SSL with CDN, if necessary.
3. Update your browser and system.
4. Adjust browser settings like enabling TLS 1.3 or disabling QUIC.
5. Temporarily disable antivirus programs that may interfere with SSL/TLS protocols.

Encountering technical errors such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH can be overwhelming, but with the right approach, they are often solvable. Have you encountered this error before? If so, what worked for you? Please share your experiences or any additional tips in the comments below.