SSL error is one of the many errors experienced by internet users. Although the appearance of the message in the browser makes users a bit worried, the steps to deal with it are actually quite easy.
In this article, we will discuss a quick and effective way to solve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
Every time the website is accessed, the browser will automatically check the SSL certificate. This action is one way to prove the authenticity of the website accessed and whether the website has implemented the correct protocol to secure the connection.
If the protocol configuration on the website turns out to be insecure, the browser will automatically display an error message, for example ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
In fact, this message is the browser’s way of protecting its users from accessing unsafe websites.
Another cause is the version of the security protocol used. Most likely the version is an old version which will make the website as well as the device more vulnerable to security threats.
Keep in mind that the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message only appears if the website being accessed has SSL and HTTPS encryption installed to secure access and information exchange.
Websites that have this encryption enabled will have a lock icon in the URL bar.
Oh, yes, usually this error occurs in Google Chrome and Internet Explorer browsers.
Why Does the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Occur in the Browser?
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message can be caused by many things, from incompatible SSL certificates on device components to problems with system security settings, such as incorrectly configured firewalls and antiviruses.
Another cause that also often triggers this error is the QUIC (Quick UDP Internet Connections) protocol.
Not to forget, other factors such as outdated cookies and accumulated browser history also affect connection security.
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
Here are five ways to solve ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
1. Check SSL certificate
The first way to analyze the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to check the SSL/TLS certificate. If the certificate used is outdated or damaged, you shouldn’t be surprised that there will be lots of errors popping up every time you access the internet.
Use SSL Labs to check SSL/TLS certificates.
This tool will check the SSL connection and do the detection on the server to check if there is something wrong. Not only that, SSL Labs will also inform you about the validity period of SSL/TLS and whether it needs to be renewed.
This is an example for ASPHostPortal SSL Lab Test report:
2. Activate TLS 1.3 Support
As the latest security layer of SSL technology, TSL (Transport Layer Security) creates a secure connection between the browser and the web server. If this feature is turned off, the browser will reject certificates from some websites. This is what then causes a number of problems.
Fortunately, most modern browsers, such as Google Chrome, come with TLS 1.3 by default.
It’s just that, if you have an older version of Chrome, you must follow these steps to enable the browser’s TLS support:
- Open Google Chrome
- When chrome://flags is in Chrome’s URL field, then press Enter
- Search for TLS
- Enable TLS 1.3 support
Unfortunately, this option is not available in the new version of Google Chrome.
For example, if you apply the four steps above on Chrome version 80.0.3987.1222, the only option you get is TLS 1.3 downgrade hardening. Its function is to ‘strengthen’ TLS 1.3 connections and allow downgrades to older TLS versions (set to default).
3. Disable QUIC Protocol
The QUIC (Quick UDP Internet Connections) protocol is an experimental project by Google that can send simple packages using the User Datagram protocol (UDP) without requiring a connection.
While QUIC is known to be the best alternative to other security services, such as TCP, HTTP/2, and TLS/SSL, it does occasionally trigger mixed content warnings, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Well, therefore, you have to turn it off to solve SSL certificate connection problems. Here are the steps (via Google Chrome):
- Open Chrome and type chrome://flags in the URL field, then press Enter.
- You will be redirected to the experimental features page. Search QUIC.
- Set the Experimental QUIC Protocol to the Disable option.
- Finished!
Another way to turn off the QUIC protocol is to use Application Control or Firewall Policy. However, since using these two methods requires you to be technically savvy, we do not recommend them.
4. Clear Your Cache
Web history and web cache will store site data accessed through the browser. This data can be text, images, or files. Enabling cache means speeding up access to open web pages.
Unfortunately, the stored data tends to be static and old data. Especially if the site has made some changes, the data doesn’t match. Caches that don’t get cleared can result in SSL errors and long-term security risks.
Clearing the cache on the device and restarting the browser will be the best solution to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
If this method doesn’t get rid of the error, clear the SSL State in the browser.
Here are the steps (for Google Chrome version 80.0.3987.122):
1. Hover over to the top-right corner of Chrome’s screen, click the 3 dots, and select Settings.
2. Scroll down to the Settings area and find and then click on the Advanced option.
3. Click Open Proxy Settings. The Internet Properties dialog box will appear.
4. Click the Content tab. Ignore the other settings tabs.
5. Click Clear SSL State, then select OK.
5. Uninstall Antivirus and Disable Firewall
Misconfigured antivirus and/or firewall will also cause security issues, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
The warning that is displayed is also a fake warning because a safe website will be detected as a dangerous website.
The solution is to leave the firewall settings at default. Another option is to turn it off, but unfortunately this can result in some pretty serious security issues.
Also, if you install antivirus software or other security programs on your computer, the SSL scan feature will automatically activate. Turn off this feature to get rid of error messages on the website.
Although there are many ways to turn off automatic SSL scan, if your installed antivirus has an SSL Scan option, just set it to OFF.
Conclusion
The following is a summary of how to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
- Check the SSL/TSL certificate. Make sure the version is the latest. Use the SSL Labs tool to check the version.
- If the browser version used is not the latest version, enable TLS 1.3 support.
- Turn off the QUIC protocol because it can cause SSL errors on some websites.
- Clear all history and browser cache. It could be that old configurations in cache are interfering with the connection.
- Turn off antivirus and check firewall configuration. Make sure all of these software are set to default. If the antivirus has an SSL auto scan feature, turn off the feature.
We hope above article can help you to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Are you looking for an affordable and reliable Asp.net core hosting solution?
Get your ASP.NET hosting as low as $1.00/month with ASPHostPortal. Our fully featured hosting already includes
- Easy setup
- 24/7/365 technical support
- Top level speed and security
- Super cache server performance to increase your website speed
- Top 9 data centers across the world that you can choose.
Javier is Content Specialist and also .NET developer. He writes helpful guides and articles, assist with other marketing and .NET community work