The ERR SSL VERSION OR CIPHER MISMATCH error occurs when a user’s browser is unable to establish a secure connection to a web server using HTTPS or SSL. The problem may lie in the configuration of the server or on a user’s computer locally.
Follow the easy solutions for fixing the ERR SSL VERSION OR CIPHER MISMATCH error in this manual.
Manual for fixing err ssl version or cypher mismatch.
Web Developer Solutions
You may get a report as a developer or webmaster that a user faced this error when trying to access your website. The error may also appear in the error logs on your Apache.
Usually err ssl version or cypher mismatch occurs when there is an issue with the SSL certificate or encryption modules. There are a few server-side actions that you can take to solve that problem.
Note: SSL stands for Secure Socket Layer, referring to the security of encryption in your browser. Cipher refers to the code used for data encryption and decryption.
Verify SSL Website Status
Use a free tool such as the Qualys SSL Labs Server Test. The tool examines the status and encryption of your certificates, and generates a report.
Since the tool tests several different areas at once, this is a great place to start. The report highlights the sections which need attention if you have errors.
Another way to check the status of SSL certificates is by navigating to your website and clicking in the search bar on the padlock.
It does look like this on Google Chrome:
Verifying the status of the Chrome SSL certificate to see if it is the cause of the error in ERR SSL VERSION OR CIPHER MISMATCH.
This method should only be used for prompt reference. We recommend using a dedicated tool, such as our Qualys SSL Labs tool.
Check for Name Not Matching Certificate
An SSL certificate shows your website is who it claims it is. The name of the website and the name on the certificate must correspond. The certificate will also have to come from a trusted provider.
There are a few reasons why the names might not match, which could generate the ERR SSL VERSION OR CIPHER MISMATCH error:
- If the domain does not use SSL but uses SSL for another domain with the same IP address.
- The domain points to an old IP address which it does not use anymore. There is no old website but another website has the old IP address of the first domain.
- The website uses a Content Delivery Network ( CDN), which does not support SSL.
- The site has an alias domain name which is not included in the certificate.
- Once you determine the problem source you can easily solve the problem.
Check TLS Version
TLS stands for Transport Layer Security, and is a security protocol used to encrypt website communications. The current version (as of the writing of this article) is TLS 1.3. If an older version of TLS is running on your site, it may cause the CIPHER MISMATCH error.
Most modern browsers are set to use the latest TLS version (where available on the site). If you don’t have your server configured to use TLS 1.3, consider updating the latest protocol.
Check RC4 Cipher Suite
RC4 Cipher is an old, simple tool for transit encryption. Significant vulnerabilities were identified.
Some organisations are still using RC4 for legacy applications but it is not supported by most modern browsers. If you are configuring a website to use RC4, an error may occur.
The best solution is to move the site from protocols RC4 to TLS 1.3. If you can not disable RC4 completely, add the TLS 1.3 protocol so that the err ssl version or cypher mismatch error isn’t triggered by modern browsers.
Inspect Security Certificate manually
To inspect your SSL Certificate manually, open your browser, load your webpage and follow these steps:
- Wherever on the page, right-click.
- Click Info on Page View.
- Choose Security tab.
- Click Certificate to view.
- Wherever on the page, right-click.
- Click Investigate.
- Click on the arrows > > to disclose more options in the Inspection pane near the top.
- Click on Security button.
- Click Certificate to view.
- Double-click the Upper-right padlock icon.
- Click on Show Certificate > Details in the window that appears.
- There will be no option to view the certificate if the site you are checking is not secure and has no certificate.
End User Solutions
The err ssl version or cypher mismatch error may appear due to an issue on the client side. The reason may be an older operating system version, or an outdated browser. Current TLS protocol versions are incompatible with the older browsers and operating systems.
Try out the solutions we list below to bypass the mismatch error.
Log in to a different computer
The easiest way to check whether only your computer has the problem loading a website is to try using another computer. The safest bet is to try out an operating system from a machine with a recent version.
If you can load the website without getting an error, use the suggestions in this guide to proceed with troubleshooting.
Delete your browser’s cache and cookies
Clearing the cache and cookies of your browser can help with problems regarding SSL certificates. The steps to find the clearing cache section may be different , depending on the browser and the version you are using.
For most browsers the hotkey combination CTRL+SHIFT+DELETE works. When the history or cache pop-up appears to clear, switch the timeframe to All or All. You will lose saved logins and all history if you check all the options, so you can uncheck those options if you wish.
Enable TLS 1.3 Version on Old Browsers
Recent versions of web browsers default to use TLS 1.3. If you haven’t updated or don’t want to update your browser, you can check the TLS version, and enable 1.3.
Open a new tab in the address bar, and type about: config. To accept the risk click on the button and then type security.tls in the search bar.
Look towards the bottom of the list for the security.tls.version.max option. Set the value to 4 if it is not already set.
In Firefox, check the TLS security settings to fix the ERR SSL VERSION OR CIPHER MISMATCH error.
Open a new tab in the address bar, and type chrome:/flags. Use search bar at the top to search for TLS. The results will include toughening options for the downgrade of TLS 1.3.
Disable QUIC Protocol
Chrome has many security settings, and err ssl version or cypher mismatch error may be caused by the “Experimental QUIC Protocol.”
In Chrome, disable QUIC protocol:
In chrome:/flags type in the address bar. Enter QUIC in top search bar. The results of the search should list “Experimental protocol QUIC.”
Change Default to Disabled, restart Chrome and try to reload the website.
- Chrome QUIC Protocol settings change to disabled.
- Clear the State of SSL on your computer.
- To clear your computer’s SSL state, go straight to the “Internet Properties” section. In
- Windows 10, the quickest way is to search from the Start menu for “Internet Properties” or “Internet Options”
- Checking Internet Options for SSL Error Solution using the Start menu.
- Navigate to the tab “Content” and click Clear SSL.
- Clearing of SSL status to fix error ERR SSL VERSION OR CIPHER MISMATCH.
- The pop-up message “Effectively cleared the SSL cache” appears.
Some older versions of Chrome enable you to access Internet Properties from the advanced settings menu, and clear SSL state.
Change or update your Web Browser
Most modern browsers automatically update on restart. If your browser failed to automatically update, you could update it manually.
Navigate to the Help and About section to check out the version on most popular browsers.
Updating Firefox to fix ERR SSL VERSION OR CIPHER MISMATCH error through section About.
In most cases the browser can be updated manually from here. Try loading the website again once the update completes.
The most common solutions for the err ssl version or cypher mismatch error were listed here. The causes may be on the client side or on the server side.
You should be able to find the cause of the error by following the steps listed in this guide, and fix it.