How to Fix err_ssl_version_or_cipher_mismatch
At the point when you visit a site running over HTTPS a progression of steps are performed between the program and the web worker to guarantee the endorsement and SSL/TLS association is legitimate. In the event that for reasons unknown the program doesn’t care for what it sees, like a misconfiguration or unsupported form, your program may show the accompanying mistake: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” which keeps you from getting to the site.
Look at a couple of proposals on the best way to fix this mistake.
Reasons for ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically occurs on more experienced frameworks or work programs.
You may likewise see a variety of the mistake, for example,
- Mistake 113 (net::err_ssl_version_or_cipher_mismatch): obscure blunder
- The customer and worker don’t uphold a typical SSL convention form or code suite
Look at reasons underneath on why this occurs and what can be done.
- Check Your SSL Certificate
- Test for Certificate Name Mismatch
- Check for Old TLS version
- Check RC4 Cipher Suite
- Try Clearing the SSL State On Your Computer
- Use a New Operating System
- Temporary Disable Antivirus
Check Your SSL Certificate:
In the event that you see this blunder, the first and most straightforward spot to begin is to play out a SSL beware of the endorsement that is introduced on the site. We propose utilizing the free SSL check apparatus from Qualys SSL Labs. It is truly solid and we use it for all Kinsta customers when confirming endorsements. Just info your space into the Hostname field and snap on “Submit.”
You can likewise choose the alternative to shroud public outcomes in the event that you like. It could require a moment or two to examine your webpage’s SSL/TLS design on your web worker.
Check for Certificate Name Mismatch:
As SSL Labs expresses, a crisscross can be various things, for example,
- The site doesn’t utilize SSL, however shares an IP address with some other site that does.
- Site does not exist anymore, yet the space in fact focuses to the old IP address, where some other site is currently facilitated.
- Website utilizes a substance conveyance organization (CDN) that doesn’t uphold SSL.
- The space name pseudonym is for a site whose name is unique, yet the false name was excluded from the endorsement.
Another simple method to check the current area name issue on the endorsement is to open up Chrome DevTools on the site. Right-click anyplace on the site and snap on “Assess.” Then snap on the security tab and snap on “View authentication.” They gave area will show in the testament data.
Recall however, there are special case authentications and different varieties, yet for a common site, it should coordinate precisely. Be that as it may, for our situation, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH mistake really kept us from having the option to check it in Chrome DevTools. That is the place where an apparatus like SSL Labs can prove to be useful.
Check for Old TLS rendition:
Another conceivable explanation is that the TLS variant running on the web worker is old. Preferably, it ought to be running in any event TLS 1.2 (even better, TLS 1.3). In the event that you are a Kinsta client you never need to stress over this as we generally overhaul our workers to the best in class upheld variants. Kinsta underpins TLS 1.3 on the entirety of our workers and our Kinsta CDN. Cloudflare additionally empowers TLS 1.3 as a matter of course.
(Proposed perusing: in case you’re utilizing heritage TLS variants, you should fix ERR_SSL_OBSOLETE_VERSION Notifications in Chrome).
This is something the SSL Labs instrument can likewise assist with. Under setup, it will show you the current form of TLS running on the worker with that declaration. On the off chance that it is old, connect with your host and request that they update their TLS variant.
Check RC4 Cipher Suite
Another explanation as indicated by Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is that the RC4 figure suite was taken out in Chrome form 48. This isn’t normal, yet it could occur in say bigger venture arrangements that require RC4. Why? Since everything generally takes more time to overhaul and refresh in greater and more intricate arrangements.
Security specialists, Google, and Microsoft suggest that RC4 be incapacitated. So you should ensure the worker arrangement is empowered with an alternate code suite. You can see the current code suite in the SSL Labs apparatus (as seen beneath).
Try Clearing the SSL State On Your Computer:
Something else to attempt is clearing the SSL state in Chrome. Much the same as clearing your program’s store this can at times help if things escape sync. To clear the SSL state in Chrome on Windows, follow these means:
- Click on the Google Chrome – Settings symbol (Settings) symbol, and afterward click Settings.
- Click settings.
- Under Network, click Change intermediary settings. The Internet Properties exchange box shows up.
- Then click on Content tab.
- Click on “Clear SSL state”, and afterward click OK.
- Restart Chrome.
Use New Operating System:
More experienced workplaces become obsolete with newer innovations, for example, TLS 1.3 and the newer code suites when programs stop supporting them. The explicit parts of newer SSL certificates will essentially stop working. Google Chrome, in fact, re-evaluated Windows XP in 2015. We usually recommend upgrading to newer frameworks if possible, for example, Windows 10 or the newer form of Mac OS X.
Temporarily Disable Antivirus:
The exact opposite thing we suggest attempting on the off chance that you are as yet seeing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH mistake is to guarantee you don’t have an antivirus program running. Or then again attempt briefly incapacitating it. Some antivirus programs make a layer between your program and the web with their own endorsements. This can once in a while cause issues.