How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Message Displayed on Google Chrome
Whenever someone visits an HTTPS enabled website, multiple things take place between the web server and the user’s browser for ensuring the validity of the SSL/TLS connection and certificate. For example, the TLS handshake, the verification of the certificate against the certificate authority, decryption of the certificate, etc.
For instance, misconfiguration or unsupported TLS version could be the reason why you see the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error.
Why Google Chrome Displays ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Message?
Usage of an older browser or operating system could result in the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error message but it could also be due to various other reasons, as well. Also, you might face a variant of this error message:
- Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error
This means, the client and server fail to support a common SSL protocol version or cipher suite. Below are some of the reasons why “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error message is displayed on Google Chrome and how to fix it.
The following four steps will help fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error.
Step:1 Verify Your SSL/TLS Certificate Configuration
If you come across this error, simply perform a verification of your installed SSL/TLS Certificate configuration. It’s recommended that you use a free SSL Check tool provided by Qualys SSL Labs. Put your domain name into the field “Hostname” and click on the “Submit” button.
Also, there is an option to hide your results from the public. Within a few minutes, it will scan your site’s SSL/TLS configuration on your web server and provide you the result.
Step:2 Verify Certificate for Name Mismatch
A certificate name mismatch could be a possible reason for this error. For instance, while migrating from one host to another, the certificate name mismatch happens and due to that, it may result in this “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error. And, other reasons why a certificate name mismatch could occur are:
- The website doesn’t have an SSL/TLS certificate installed, but it shares an IP address with another site which has an SSL installed.
- Domain points to the old IP address where the site no longer exists and instead, another site is hosted.
- Different domain name alias is given for a site and it’s not included in the certificate.
- The website uses a CDN (Content Delivery Network), which doesn’t support SSL.
Step:3 Verify for Old TLS Version
It could be possible that the web server might be running an older TLS version, due to which it might be displaying the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message. Ideally, TLS1.2 or TLS 1.3 must be running. Verify if it’s SSL 2, SSL 3, or TLS 1.0. If that’s the case, disable it on your server.
To verify, you can test using the SSL Labs tool and check under the configuration section. It will provide information on the TLS version.
Step:4 Verify RC4 Cipher Suite
Another major reason behind Google Chrome displaying the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is that your server might be supporting the deprecated cipher RC4. You can verify by running a test in SSL Labs and under the cipher section, you can check for the RC4 cipher.
If you see that your server is supporting it, it’s recommended to disable the RC4 cipher, and if you can’t disable it, enable other ciphers.