Whenever you attempt to access a website with an SSL certificate installed - which is (or ought to be) every website - an operation known as the SSL handshake takes place. During this short period of time, the SSL certificate in question does its job and establishes a safe web server connection between the host (website) and the client (your device). In some cases, however, the SSL handshake may break down for a variety of reasons, which then leads to error message popups of various kinds, one of the more prominent of which is the titular ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
- What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
- What causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?
- How to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
- Should I be getting worried over ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
As may already be obvious, this is a fairly common SSL protocol version error. Sometimes, SSL certificates simply fail to perform the handshake correctly. Perhaps it's due to an overzealous piece of antivirus software. Perhaps it's due to one of your Google Chrome browser extensions acting up. Server configuration is also a potential culprit, and complicating things further still is the fact that your device may be attempting to perform an SSL handshake with an old TLS version in the first place.
A complex issue, then, but not an unsolvable one. Here, we've prepared a detailed and comprehensive summary of all the important bits you, too, ought to know about the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, as well as a few of the common fixes you may attempt to perform.
Everything You Need to Know About ERR_SSL_VERSION_OR_CIPHER_MISMATCH
What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH is a web server error that tells you your web browser has come across something it's not very keen on, in simple terms. Web browsers interacting with severely outdated websites with legacy TLS versions may sometimes throw out this error, though it certainly can pop up as a result of faulty web server configuration as well.
In most cases, it's going to be attached as an addendum to the more generic error message along the lines of 'This site cannot provide a secure connection," with a short explanation that the provided SSL certificates or some other related security option use an unsupported TLS version or protocol.
Broadly speaking, this is what happens when modern browsers detect a potentially suspicious element or activity on a given website. Sometimes, that's just an older TLS version running that's yet to be fully updated. Other times, it might be a genuine breach of the content delivery network. Whatever the case may be, this error message is a sign that something may be amiss.
What makes this an SSL certificate error message?
The process of completing the TLS handshake upon connecting to a site has become entirely ubiquitous in the modern Internet landscape. Virtually every mainstream website has an SSL certificate in place, and modern browsers leverage this technology to make web browsing a safe and pleasant experience for all involved parties. The appearance of a website that has an older TLS version or, perhaps, no SSL certificate at all, is a major security concern.
This is what makes ERR_SSL_VERSION_OR_CIPHER_MISMATCH error a potentially major red flag in some cases. Visitors should take note of what website they're visiting and, perhaps, what the chances are of it being infected by a malicious third party. On that note, it's worth remembering the many recent data breaches that took place on some of the biggest companies' own servers. If things don't add up, it may pay off to be on the lookout for other red flags.
While it's entirely possible that the source of your particular ERR_SSL_VERSION_OR_CIPHER_MISMATCH error message is a simple certificate name mismatch or something like that, that's not something we recommend taking for granted.
Does it signal an issue with the web server, or the client device?
The certificate mismatch error often has something to do with the website you're attempting to access. Since it's a TLS handshake problem, however, the SSL/TLS certificate installations that are in place could be the cause at either end of the spectrum.
An easy way to check whose SSL certificate is the problem would be to run an SSL certificate check. Once that's done, you'll know whether you have an invalid SSL certificate. If that's not the case, then the problem is server-side, and you likely have no way of resolving it in the first place.
Other variants of this error do exist, keep in mind
It's worth pointing out that ERR_SSL_VERSION_OR_CIPHER_MISMATCH has a few alternative messages that may crop up instead of it. These are, in most cases:
'Error 113 (NET::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): unknown error' message
'The client and server don't support a common SSL protocol version' error message
Both are reasonably self-explanatory, but if you're not familiar with what they mean, they may seem scarier than they actually are. In broad terms, you can treat these error messages in much the same way as you would the actual featured SSL/TLS certificate problem. In other words, they're effectively equivalent, and you can try the same fixes.
What causes the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error?
Now that we've gone over much of the background of the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, it's time to go over some crucial technical details. Namely, the specifics of what SSL certificate problems cause it. In most cases, the error message will have something to do with the following connectivity features:
old TLS version may be the culprit if some element of the server in question (i.e. SSL certificate) hasn't been updated
invalid SSL certificate instances can crop up, too, resulting in SSL certificate name mismatch problems
outdated operating system and/or web browser applications can lead to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error, so make sure to run all the updaters if this comes up
browser cache data needs to be cleared every so often, and the fix may be as simple as this
antivirus software is acting up in some cases, leading to strange and unwarranted error messages; consider updating your antivirus software if nothing else works
QUIC protocol doesn't usually trigger certificate name mismatch errors, but it can happen, so it's something to consider checking out
Broadly speaking, odds are good that you're coming across an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error due to one of these culprits. Fixing it, therefore, could very well be relatively simple in many cases!
How to fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
Many will be looking to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in some capacity. While it's entirely possible that you'll be able to do so on your end, it won't always be the case. Namely, you may well be dealing with a website's SSL certificate being out of date, and this isn't something that can be fixed via a user's browser. With that caveat in mind, let's go over some of the common fixes you may consider trying out.
Fix #1: Clearing browser cache and cookies
One way of fixing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to clear your browser's cookies and cache data. Doing so is easy, though the specifics may depend on which browser you're using. For Google Chrome, you can do the following:
Open Google Chrome -> Click the three-dot menu in the upper right corner of the browser window -> More tools -> Clear browsing data
Once there, you can choose a specific time range you'd like to wipe, but the way to go here would be to choose the 'All time' option and then hit 'Clear data.'
FIX #2: Clearing SSL state
Another notable (potential) fix for the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error is to clear your SSL state. This, too, will depend on the specific web browser you may be using, but you'll find the guide for Google Chrome down below:
Open Google Chrome -> Click the three-dot menu in the upper right corner of the browser window -> Settings -> Show advanced settings -> Network -> Change proxy settings
When the 'Internet Properties' dialog box appears, go to the 'Content' tab and select the 'Clear SSL state' option. Once the operation is finished, restart Chrome and your SSL state will have been fully cleaned up. Note, too, that the SSL state can get clogged up, so it's possible for it to cause the error in question. Moreover, clearing your SSL cache shouldn't cause any long-term issues, so it's one of the safer fixes to try out.
FIX #3: Enabling TLS 1.3
Another browser-specific option, it may help if your TLS version somehow got downgraded or otherwise messed up during updates or various system-level changes you may have undergone. On Google Chrome, simply type 'chrome://flags/' into your address bar, then input 'TLS' into the search box.
Then, pick the appropriate option and set TLS to enabled or default, depending on the initial state of the setting. Once that's done, re-launch the browser and see if the site's SSL certificate is now working.
FIX #4: Disabling QUIC protocol
On Google Chrome, you can disable the QUIC protocol by inputting 'chrome://flags#enable-quic' into your address bar. Once the new interface opens up, simply set the appropriate flag to 'disabled' and re-launch the browser.
FIX #5: Updating the operating system
Sometimes, the simplest fix is the least obvious. No matter which operating system you may be using, odds are good that you're getting security updates on a monthly, if not weekly basis. Staying on top of this isn't always easy if you're not keen on auto-updates, and it's certainly possible that you're missing some crucial OS-level updates to access a given website.
FIX #6: Updating the browser
Chrome browsers get updates at an extremely rapid pace, and if your particular browsing habits don't include restarting the application often, it's possible that there's a big green 'UPDATE' button hovering in the upper right corner of your browser window. Whether it's Google Chrome or any other browser, really, make sure to keep it fully up-to-date - this includes any and all browser extensions you may be using too, it's worth pointing out.
Should I be getting worried over ERR_SSL_VERSION_OR_CIPHER_MISMATCH?
As we've explained above, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error isn't necessarily the cause for concern all on its own. It is, however, a sign that something is definitely up, and that it needs to be diagnosed and resolved as quickly as possible. A simple certificate name mismatch will, indeed, sometimes cause this problem. Keeping up with the latest and most secure TLS version isn't everyone's primary concern, after all, and Google Chrome and other browsers will happily highlight when this problem crops up - as they ought to.
Whether it's an operating system update or a much-needed clean-up of your browser cache, figuring out and resolving problems such as this one is crucial for keeping your devices and network solutions safe. Transport layer security only works when its users don't actively work to unknowingly dismantle it, which is why it's important that users are broadly aware of their SSL settings, common SSL error instances, and ways in which they may be able to fix them.
If there's just no way to resolve the ongoing SSL connection problem, and if the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error keeps cropping up - consider revisiting the site sometime in the future. Certainly don't turn off your antivirus program unless you're absolutely sure that you know what you're doing, which is a common recommendation on the Internet.