Understanding and How to Overcome ERR_SSL_VERSION_OR_CIPHER_MISMATCH

SSL error is one of the many errors experienced by internet users. Although the appearance of the message in the browser makes users a bit worried, the steps to deal with it are actually quite easy.

In this article, we will discuss a quick and effective way to solve ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

What is ERR_SSL_VERSION_OR_CIPHER_MISMATCH?

Every time the website is accessed, the browser will automatically check the SSL certificate. This action is one way to prove the authenticity of the website accessed and whether the website has implemented the correct protocol to secure the connection.

If the protocol configuration on the website turns out to be insecure, the browser will automatically display an error message, for example ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

In fact, this message is the browser’s way of protecting its users from accessing unsafe websites.

Another cause is the version of the security protocol used. Most likely the version is an old version which will make the website as well as the device more vulnerable to security threats.

Keep in mind that the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH only appears when the accessed website installs SSL and encryption HTTPS to secure the exchange of access and information.

Websites that have this encryption enabled will have a lock icon in the URL bar.

In fact, this message is the browser’s way of protecting its users from accessing unsafe websites.

Another cause is the version of the security protocol used. Most likely the version is an old version which will make the website as well as the device more vulnerable to security threats.

Keep in mind that the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH only appears when the accessed website installs SSL and encryption HTTPS to secure the exchange of access and information.

Websites that have this encryption enabled will have a lock icon in the URL bar.

Usually this error occurs in Google Chrome and Internet Explorer browsers.

Why Does the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error Occur in the Browser?

error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH It can be caused by many things, from incompatible SSL certificates on device components to problems with system security settings, such as improperly configured firewalls and antiviruses.

Another cause that also often triggers this error is the protocol QUIC (Quick UDP Internet Connections).

Last but not least, other factors such as outdated cookies and accumulated browser history also affect connection security.

How to Overcome ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Even though the appearance of this error message is enough to make most internet users panic, how to deal with it is not that difficult.

Here are five ways to overcome ERR_SSL_VERSION_OR_CIPHER_MISMATCH :

1. Check the SSL/TLS certificate

The first way to analyze errors ERR_SSL_VERSION_OR_CIPHER_MISMATCH is to check the SSL / TLS certificate. If the certificate used is outdated or damaged, don’t be surprised if there will be lots of errors popping up every time you access the internet.

Use SSL Labs to check the SSL/TLS certificate.

This tool will check the SSL connection and do the detection on the server to check if there is something wrong. Not only that, SSL Labs will also inform you about the validity period of SSL/TLS and whether it needs to be renewed.

The following is an example of an SSL report for the Hosteko website built using the SSL Labs tool:

2. Enabling TLS 1.3 support

As the latest security layer of SSL technology, TSL (Transport Layer Security) creates a secure connection between the browser and the web server. If this feature is turned off, the browser will reject certificates from some websites. This is what then causes a number of problems.

Fortunately, most modern browsers, such as Google Chrome, come with TLS 1.3 by default.

It’s just that, if you have an older version of Chrome, you must follow these steps to enable the browser’s TLS support:

• Open Google Chrome
• When chrome://flags is in Chrome’s URL field, then press enter
• Search TLS
• Activate (enable) support TLS 1.3

Unfortunately, this option is not available in the new version of Google Chrome.

For example, if you apply the four steps above on the Chrome version 80.0.3987.1222the only options you get are TLS 1.3 downgrade hardening. Its function is to “strengthen” TLS 1.3 connections and allow downgrades in older TLS versions (set to default).

3. Disabling the QUIC protocol

The QUIC (Quick UDP Internet Connections) protocol is an experimental project by Google that can send simple packages using the User Datagram protocol (UDP) without requiring a connection.

Although QUIC is known as the best alternative to other security services, such as TCP, HTTP/2, and TLS/SSL, this protocol sometimes triggers mixed content warnings, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Therefore, you must turn it off to resolve SSL certificate connection issues. Here are the steps (via Google Chrome):

• Open Chrome and type chrome://flags in the URL field, then press enter.
• You will be redirected to the experimental features page. Search QUIC.
• Set Experimental QUIC Protocol to options disabled.
• Finished!

Another way to turn off the QUIC protocol is to use Application Control or Firewall Policy. However, since using these two methods requires you to be technically savvy, we do not recommend them.

4. Delete web history/cache

Web history and web cache will store site data accessed through the browser. This data can be text, images, or files. Enabling cache means speeding up access to open web pages.

Unfortunately, the stored data tends to be static and old data. Especially if the site has made some changes, the data doesn’t match. Caches that don’t get cleared can result in SSL errors and long-term security risks.

Clearing the cache on the device and restarting the browser will be the best solution ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

If this method doesn’t get rid of the error, clear the SSL State in the browser.

Here are the steps (for Google Chrome version 80.0.3987.122):

• Hover over to the top-right corner of Chrome’s screen, click the 3 dots, and select Settings.
• Scroll down to the Settings area and find and then click an option advanced.
• Click Open Proxy Settings. Dialog box Internet Properties will appear.
• Click tabs Content. Ignore the other settings tabs.
• Click Clear SSL Statethen select OK.

5. Disabling antivirus and firewall

Misconfigured antivirus and/or firewall will also cause security problems, including ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

The warning that is displayed is also a fake warning because a safe website will be detected as a dangerous website.

The solution is to leave the firewall settings at default. Another option is to turn it off, but unfortunately this can result in some pretty serious security issues.

Also, if you install antivirus software or other security programs on your computer, the SSL scan feature will automatically activate. Turn off this feature to get rid of error messages on the website.

Although there are many ways to turn off automatic SSL scan, if your installed antivirus has an SSL Scan option, just set it to OFF.