Secure Socket Layer (SSL) protection is an essential part of data privacy and website security. Unfortunately, there are a handful of common SSL errors you (or your visitors) may encounter when trying to access an HTTPS encrypted site, including ERR_SSL_VERSION_OR_CIPHER_MISMIATCH.
While this error message can be scary and confusing at first, it’s usually pretty easy to fix. The issue often boils down to an SSL misconfiguration or outdated setting that prevents your browser and server from properly communicating in order to establish a secure connection.
In this post, we’ll explain what the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is and some common causes of it. Then we’ll provide you with nine simple solutions you can use to resolve this issue. Let’s get started!
In This Article 👍
What Is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?🤔
The whole point of installing an SSL certificate on your website is to ensure your content is served via a secure browser connection. So, when you’re trying to access an HTTPS site and are met with an error message indicating it’s not secure, it can be quite frustrating.
As we discussed in a recent post, WordPress mixed content SSL warnings are common after switching from HTTP to HTTPS. They typically mean your SSL certificate wasn’t properly configured.
Similarly, if you have an HTTPS encrypted site but your browser is still unable to establish a secure connection, it can result in you seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error:
Put simply, this is one of many errors that can happen when a browser and web server are unable to properly communicate. Whenever you access a website from your browser, it checks with the server for the SSL certificate.
In a process known as a Transport Layer Security (TLS) handshake, the validity of the SSL certificate is tested against the Certificate Authority (CA). If there’s a problem with the certificate, such as an incompatibility or a misconfiguration, the browser returns the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error rather than the website.
What Causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?🧐
There are many different reasons you might be seeing this message. It can be attributed to an issue with your browser or one with your server.
For example, the problem may be that you’re using an older browser or Operating System (OS). However, this error only happens with HTTPS sites. Therefore, if you’re able to visit other HTTPS sites from your browser without seeing this message, it’s probably a server-side issue.
Another reason for seeing ERR_SSL_VERSION_OR_CIPHER_MISMATCH, as suggested within the name itself, is a cipher mismatch. In order to establish a secure connection, the browser and server must have a common language. If they don’t use the same cipher, they can’t communicate properly.
It’s also possible that the SSL certificate issued isn’t matched with the right domain or that the domain name no longer exists. Additionally, this error can sometimes be attributed to outdated TLS versions or antivirus software conflicting with a browser’s default security settings.
Clearly, there’s a range of potential causes, which can seem overwhelming. The good news is that most have relatively simple solutions.
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH (9 Solutions)👷🏾♂️
Whatever is causing the issue, the important thing is that you’re able to fix it. Let’s take a look at nine solutions you can use to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error:
1. Update Your Browser
As we mentioned, an outdated browser might be to blame for this error. Therefore, an easy place to start is by making sure you’re using the latest version of yours.
We’ll use Chrome as an example throughout this post, since it’s the most popular browser. However, the steps for these solutions should be similar with any platform.
First, click on the three vertical dots in the top right-hand corner of a new Chrome tab. Then navigate to Help > About Google Chrome:
On the About Chrome page, it will tell you which version you’re using, as well as whether it’s up to date:
If you’re not using the latest version, it will automatically start updating for you. Once it’s done, you can click on the Relaunch button to complete the process. If Chrome is already up to date, you can move on to one of the other solutions in this post.
2. Test Your SSL Certificate
There may be a variety of issues with your SSL certificate causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Therefore, testing yours to uncover any potential problems is another solid place to start for resolving this issue.
One of the easiest ways to check your SSL certificate is with Qualys SSL Labs:
This website provides a quick and easy way to assess your SSL connection and identify any possible issues with it, including a mismatch with a server or an outdated certificate.
To get started, visit the website and select Test your server. Then, in the field provided, enter your hostname (meaning your website’s domain), and click on the Submit button:
After a minute or so, the results will show you a plethora of information about your SSL certificate. It will also provide you with an overall grade, which will ideally be an ‘A’:
Scan the results to note and address any major issues the server test flagged. If you’re not sure what exactly you’re looking for, don’t worry. We’ll be referring to these results again in a couple of the following solutions.
3. Check for a Certificate Name Mismatch
As you might recall, one of the most common causes of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH is a name mismatch with the SSL certificate. This can happen for a handful of reasons.
For example, the certificate could be issued to a site that no longer exists or be pointing to an old IP address. It’s also possible that the alias of the domain name wasn’t defined when the SSL was issued.
To check for a certificate name mismatch, navigate to the page displaying the error, then right-click and select Inspect. Alternatively, you could click on the three vertical dots in the top right corner of the browser tab in Chrome, then select More > Developer tools.
This will open the Chrome DevTools Console. Along the top, click on the Security tab, followed by the View certificate button:
In the Certificate Viewer that opens, the Issued to section should list the domain of the website you’re trying to access. If it doesn’t, it would explain why you’re seeing the error:
However, if it is, the next step is to check to see whether the alias of the domain name is listed. Click on the Details tab, then navigate to where it says Certificate Subject Alternative Name (under the Extensions section):
The defined domains will populate in the box under Field Values. If the alias name is not included with this certificate, it’s likely the reason you’re seeing the error. To resolve it, you’ll need to reach out to the CA to acquire an updated SSL certificate.
4. Clear Your SSL Slate
Your computer’s SSL slate keeps stored copies of SSL certificates that can sometimes contain outdated or conflicting information. If this is what’s causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, there’s a quick fix available.
The first step is to open in the Internet Properties (or Internet Options) control panel. You can do this by going to Settings > Advanced settings from a Google Chrome tab, then clicking on Open your computer’s proxy settings:
You can also simply type “internet properties” into your Windows start menu, then select the Internet Properties control panel. In the window that opens, under the Content tab, select Clear SSL Slate:
When you’re done, click on the OK button, followed by Apply. Restart your browser, then try visiting the site again.
5. Confirm TLS 1.3 Support With Your Server and Browser
Another reason you may be seeing this error is if the server your site is running on uses an old TLS version. Most quality hosting providers automatically upgrade their servers to run TLS 1.2 or TLS 1.3. However, this isn’t always the case.
To see which TLS version your site is running on, you can use your server test results from SSL Labs, which we discussed earlier. Under your score at the top, it should say whether your server supports TLS 1.3:
However, for more specific information, you can also navigate to the Configuration section. Here, you’ll find a list of protocols and whether your server supports them:
If TLS 1.3 is supported by your server, then the issue may be that it’s not enabled in your browser. Again, this is usually configured by default. However, it’s worth double checking, especially if you’re using an outdated browser.
To check and enable TLS 1.3 support in Chrome, type “chrome://flags” into the address bar and hit Enter. This will bring you to the Chrome Experimental page. Enter “TLS 1.3” in the search bar:
Next to TLS 1.3 hardening for local anchors, it should say either Default or Enabled. If it is set to Disabled, change it to Enabled. Restart your browser, then try to visit the site again.
6. Verify Your Server Doesn't Support RC4 Cipher Suite
RC4 Cipher is a deprecated, outdated encryption tool that is widely deemed insecure and untrustworthy. As such, it’s not supported by most modern browsers, including Chrome.
Therefore, if your website uses the RC4 cipher, it would explain why you’re seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. To check which cipher suites your server supports, navigate to the Configuration section of your SSL Labs server test results page again.
Under Cipher Suites, make sure RC4 is not listed. Ideally, it should be the TLS 1.3 protocol.
You can also scroll down to the Protocol Details section. Under the Supported column next to RC4, it should say “No”:
However, if RC4 is supported by your server, it will be in red and marked as insecure. It’s best to disable it as soon as possible.
7. Disable QUIC Protocol
The QUIC (Quick UDP Internet Connections) protocol is one of Google’s experimental projects that sends simple packages using User Datagram Protocol (UDP) without connection. It’s a popular alternative to TLS/SSL, HTTP/2, and other security solutions.
However, it can also be the cause of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error you’re seeing. To determine whether that’s the case, you can disable the QUIC protocol in your browser.
To do so, open a new Chrome tab and type “chrome://flags” in the address bar, just like we did to look for TLS 1.3 support. On the Experimental page, enter “quic” into the search bar. Then, next to Experimental QUIC Protocol, select Disable from the dropdown:
If it is already set to Disabled or Default, you can leave it as is and move on to the next solution. To apply any changes, you will have to restart your computer. Once you reboot your system, try accessing the website again.
8. Clear Your Browser's Cache
Sometimes your browser’s cache and cookies can be the root of errors such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Similar to your computer’s SSL slate, it may simply be using wrong or outdated information.
Therefore, another solution you can try is to clear your browser’s cache. If you’re unfamiliar with this process, simply click on the three vertical dots in a Chrome tab, then navigate to More tools > Clear browsing data:
In the window that opens, make sure all options are selected, then click on the Clear data button at the bottom:
This will clear out all of your browser’s cache and cookies. Once it’s finished, you can try accessing the site again.
If you want to take this method a step further, you can also refer to our post on clearing your website’s cache.
9. Temporarily Disable Your Antivirus Software
Some antivirus programs come with an SSL/HTTPS protection feature that can interfere with your browser’s default security settings. Therefore, to see if this is what’s causing the error, it’s best to temporarily disable yours.
The instructions for doing so will depend on your software. However, if you’re using Windows, you can find your installed applications by clicking on Settings (the gear icon) from the start menu, followed by Apps:
This will display a list of your installed apps and software. Scroll until your find your antivirus program, then right-click on it and select Uninstall.
Mac users should select Go > Applications from their desktop toolbar, then look for their antivirus software. You can delete the program by dragging it to your Trash.
Once your antivirus program deactivated, you’ll need to restart your computer before visiting the website you’re trying to access again. If this fixed the issue, you might consider using a different software or disabling the HTTPS scanning feature if that’s an option.
Frequently Asked Questions💁♂️
No. While this error often is experienced by Chrome users, it can also occur in other browsers, including Safari and Firefox.
Completing the solutions we've outlined above should resolve the ERR_SSL_VERSON_OR_CIPHER_MISMATCH error. However, if for some reason you're still seeing it, the problem is likely due to your Operating System or device. Therefore, you might consider upgrading your OS or using a different computer.
Wrapping Up 📍
Installing an SSL certificate on your WordPress site is highly recommended to keep it secure. However, HTTPS encrypted sites can sometimes experience errors such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. This may be due to a browser, computer, or server misconfiguration.
As we discussed in this post, while frustrating, this SSL-related issue typically has a relatively simple solution. In addition to running a server test via SSL Labs, we also recommend updating your browser, clearing your cache, and making sure you have support for TLS 1.3.
Staying on top of your WordPress site’s security and updates is a helpful way to prevent SSL warnings and other errors. At WP Buffs, we offer Care Plans that handle all these tasks for you. Check them out today to see how we can help!
Want to give your feedback or join the conversation? Add your comments 🐦 on Twitter.
Featured Image Credit: Unsplash.
