How to fix err_ssl_version_or_cipher_mismatch Error

Are you constantly encountering the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error when trying to access certain websites? This SSL error can be frustrating and confusing, but fear not! In this article, we will delve into the cause of this error and provide four different methods to fix it and get you back to opening your favourite websites.

But first, let’s take a look at the underlying technology behind SSL errors. SSL (Secure Sockets Layer) is a security protocol that establishes an encrypted link between a web server and a client (such as a web browser). This encrypted link is established through a process called a TLS (Transport Layer Security) handshake, which involves the exchange of information between the client and server to ensure that the connection is secure.

One common cause of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is a mismatch between the SSL protocol version used by the client (such as your web browser) and the version supported by the website’s SSL certificate. Similarly, the error can also occur if the cipher suite (a set of encryption algorithms used to secure the connection) used by the client is not compatible with the website’s SSL certificate.

So how do you fix this error and regain access to the website? Here are few different methods to try:

Possible issues for ‘err_ssl_version_or_cipher_mismatch’ error

In order to find the cause for ‘err_ssl_version_or_cipher_mismatch’ error (or rule out that it is a server-side issue), we need to check the following:

Server-side issues:

1. The SSL certificate itself
2. Check for Certificate Name Mismatch
3. See if the old TLS version is used
4. Check RC4 Cipher Suite

Local issues

1. Clearing the SSL state on your computer
2. Enabling TLS 1.3 on your browser
3. Disabling the antivirus software temporarily

Watch the video or continue reading to learn more about the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error and how to fix it.

1. Checking the SSL certificate

The first step we recommend is checking your SSL certificate. The Qualys SSL Labs has an excellent tool that will tell you anything you need to know about your SSL certificate. All you have to do is type the full URL of your site and click ‘OK‘. The results will not appear instantly, but it shouldn’t take more than a couple of minutes. There’s also an option to hide the results if you want to. The test is very reliable and it will let you know if there’s any SSL certificate error.

2. Certificate Name Mismatch issue

The Certificate Name mismatch is a pretty common issue that can occur. In this case, we have a subdomain fixrunnertest2.fixrunnertest.com which does not use SSL but shares the same IP address as the domain fixrunertest.com. The fixrunnertest.com has an SSL certificate that checks out.

There are other reasons why the browser might throw this error such as:

• The domain name is pointing to an old IP address where another site is hosted
• There is no SSL support on CDN you are using
• You haven’t included your domain name alias in the certificate

Another method you can use to check your certificate is through the browser. Simply click on the padlock icon at the beginning of the address bar. A drop-down menu will appear. Click on ‘Certificate’ and you will see a popup with information about the SSL certificate for that particular site.

Personally, we prefer the Qualys SSL Labs test as most of the browsers will not pull the certificate info if there’s an issue with it.

3. Checking for an old and unsupported version of TLS

All hosting providers should use at least TLS 1.2 version on their servers, ideally. There should also be some backward compatibility with older TLS versions since not everyone uses the latest operating systems and browsers. Most WordPress hosting providers take care of this behind the curtain to ensure maximum compatibility. If you notice an old TLS version, contact your hosting provider and ask for the minimum SSL/TLS version supported in order to avoid ‘err_ssl_version_or_cipher_mismatch’ error.

Also, the TLS 1.3 version has been published on August 21st, 2018 and it offers better security and faster speeds. If your hosting provider can’t offer at least TLS 1.2 version, it might be a good idea to switch to a different provider.

4. The RC4 Cipher Suite

The Chrome developers removed the RC4 in version 48. Although it is not a common issue, some larger enterprises might face this problem since it takes more time to update anything on a larger scale.

The Microsoft, Google, and security researchers, in general, recommend disabling RC4 cipher suite. You can check this with the SSL Labs tool.

Possible local issues to fix err_ssl_version_or_cipher_mismatch

Some older operating systems and browsers don’t support recent TLS protocols. Therefore, it is pretty certain that you will see ‘Site uses an unsupported protocol. err_ssl_version_or_cipher_mismatch’ error if you are using Internet Explorer 8 on Windows XP or Google Chrome, for example. In this case, you can try using Firefox because it has its own cryptographic library. It doesn’t use the SSL support built into windows.

Some things you might want to try are:

• Clearing the SSL state on your computer
• Enabling TLS 1.3 on your browser
• Disabling the antivirus software temporarily

1. Clearing the SSL state on your computer

Follow these steps:

1. Open Chrome browser
2. Scroll down and click ‘Advanced’ to show more options
3. Click on ‘Open proxy settings’
4. You will see a pop-up titled ‘Internet Properties’.
5. Click on the ‘Content’ tab and then click the ‘Clear SSL state’ button

2. Enabling TLS 1.3 version on your browser

The TLS versions 1.0 and 1.1 have been deprecated in Chrome version 72 and above. Still, if you are using an older version of Chrome (or a different browser) you might want to try and enable TLS 1.3. You can also check what is the maximum TLS version allowed on your browser.

Google Chrome – err_ssl_version_or_cipher_mismatch

you can fix the “Site uses an unsupported protocol. err_ssl_version_or_cipher_mismatch” error in chrome simply by enabling TLS 1.3. Here’s how to do that:

• Type ‘chrome://flags’ in the address bar then type ‘TLS’ in the search field.
• You will see an option named ‘TLS 1.3 downgrade hardening’.
• If it is enabled (or default), then leave it that way. Otherwise hit the “enable” button.
• Close the window.

This will enable backward compatibility with TLS versions 1.0 and 1.1.

With this, you may have successfully fixed the “err_ssl_version_or_cipher_mismatch” error in chrome.

Firefox

Type ‘about:config’ in the address bar. You will see a message ‘This might void your warranty!’. Just click ‘I accept the risk.’ and when redirected to the configuration page, type ‘TLS’ in the search field. Look for a setting called ‘security.tls.version.max’. The value at the right end of the row should be 4. If it isn’t, double click the number and set it to 4.

3. Temporary Disable Antivirus

If you went through all of the steps listed above, one last thing you could try is to temporarily disable antivirus. It is possible for certain antivirus software to add a layer between the browser and the web. This layer will contain its own certificates which may cause the issue. Again, this is only a temporary solution, If you will experience Err_SSL_Protocol_Error check this guide.

FAQs – Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH on WordPress

What does ERR_SSL_VERSION_OR_CIPHER_MISMATCH mean?

ERR_SSL_VERSION_OR_CIPHER_MISMATCH is an error message that appears when a user’s web browser is unable to establish a secure connection with a website due to incompatible SSL/TLS protocols or cipher suites. This error can prevent users from accessing your WordPress website and is often caused by incorrect SSL configurations, outdated software, or firewall issues.

How can I resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH on my WordPress site?

You can resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH by following these steps:

Check your SSL certificate: Ensure that your SSL certificate is valid and properly installed on your web server.
Update your server software: Keep your web server software up-to-date to support modern SSL/TLS protocols and ciphers.
Configure your SSL settings: Verify that your server is configured to use the correct SSL/TLS protocols and cipher suites.
Check your CDN or firewall settings: Ensure that your CDN or firewall is not blocking any necessary SSL/TLS protocols or cipher suites.

How do I check my SSL certificate’s validity and installation?

You can use an online SSL checker tool like SSL Labs’ SSL Server Test to verify your SSL certificate’s validity and installation. Simply enter your website’s URL, and the tool will analyze your SSL/TLS settings, check your certificate’s expiration date, and provide you with detailed information on your SSL configuration.

How do I update my web server software to support modern SSL/TLS protocols and ciphers?

To update your web server software, you will need to consult your server’s documentation or contact your hosting provider for assistance. They can guide you through the process of upgrading your server software to ensure compatibility with modern SSL/TLS protocols and cipher suites.

How do I configure my SSL settings to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

To configure your SSL settings, you may need to modify your server configuration file. For Apache servers, edit the “httpd.conf” or “apache2.conf” file, and for Nginx servers, edit the “nginx.conf” file. Make sure your server is using the correct SSL/TLS protocols and cipher suites, and consult your server’s documentation for specific configuration guidelines.

What should I do if the error persists even after implementing the suggested solutions?

If the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error persists after trying the suggested solutions, contact your hosting provider or a professional WordPress support service, like FixRunner, for assistance. They can help you diagnose and resolve the issue to get your website running smoothly again.

Conclusion – update your software to prevent ‘err_ssl_version_or_cipher_mismatch’

The one fact that is absolutely true when it comes to the world of technology is this – adapt or die. The software is constantly being updated, security protocols are changing and functionality is improving. Backward compatibility can only get you so far and at a certain point, you will have to get along to go along.

It is worth thinking about updating your operating system, browser, and any software you might use on a regular basis. I remember all of the Windows updates I went through. At first, I thought that it will be a painful transition, but I was wrong. It took me days, maybe weeks, to get used to a new environment but it pays off in the long run.

If you are still experiencing ‘Site uses an unsupported protocol. err_ssl_version_or_cipher_mismatch’ error or any other issues with your website and don’t know what is the next step, we can help. Feel free to contact our WP Support team.

For more WordPress tutorials follow our blog. If you are not sure how to switch from HTTP to HTTPS on WordPress check out our guide. If you are starting out and need a free SSL certificate, see how to install Cloudflare SSL on WordPress.

More Resources

• How to Fix Your Connection Is Not Private Error in Chrome (WordPress)
• What is WordPress? How does it Work? – A Beginners Guide
• WordPress Vulnerabilities (And How to Fix Them)