How to Fix Cloudflare ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome (And Other Browsers)

Website uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Err Ssl Version Or Cipher Mismatch Chrome
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error on Chrome

Urgh, how annoying. Especially if this is your website.

Even if you’re using the latest Chrome on the newest Windows or Mac system, you might still bump into the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. It’s more common with older setups but can surprise you on modern ones too.

This is your browser’s way of saying that something has gone wrong in the TLS Handshake (a TLS Handshake part of the process your browser goes through to make sure it’s serving you the right website) – such as a misconfiguration or unsupported version.

Two other ways this error can be presented:

  • The client and server don’t support a common SSL protocol version or cipher suite
  • Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error

Here are some simple ways to fix this error.

How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Cloudflare Error

  1. Check Your Browser And Operating System
  2. Temporary Disable Antivirus
  3. Verify Your SSL Certificate is Correct
  4. Check for Certificate Name Mismatch
  5. Check for Old TLS version
  6. Clear the SSL State On Your Computer
  7. Check RC4 Cipher Suite

Check Your Browser And Operating System

The first step is to make sure the issue isn’t caused by an out-of-date operating system or browser, as none of the other steps below are going to help if this is the case.

Using an old browser version often leads to the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Yes, even that ancient Internet Explorer 6 could be the culprit!

Older operating systems can also be the root cause as they gradually fall out of date with newer technologies (e.g. TLS 1.3) as browsers stop supporting them.

For example, Google Chrome ended support for Windows XP back in 2015.

Not sure if your browser or system is old? Try accessing the website from a different device, like a smartphone that’s usually updated—unless you’ve been skipping those update notifications!

If a more up-to-date device is working, it’s likely got to do with your browser or operating system.

If you haven’t already, download the latest version of Chrome and see if the error goes away.

If the error is still present, then it might be your OS, and you should download the latest version of Windows / Mac / Ubuntu / etc.

Remember this is only if the error is present on your computer but not on a more up to date device. If the error is only present on your computer but not your smartphone and you’re confident that your browser + OS is up to date, then it could be the antivirus software you’re using.

Temporary Disable Antivirus

Your antivirus might be causing the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error by inserting its own certificates between your browser and the internet.

Try temporarily pausing or disabling your antivirus software and see if the issue persists.

If the error doesn’t go away, we need to check if the SSL certificate has been set up correctly.

Verify Your SSL Certificate is Correct

Now that we’ve eliminated user-specific issues, we need to make sure that the SSL certificate is actually valid.

This is easily done with a free SSL checking tool, like this one from SSL Labs.

Simply input your domain into the Hostname field and click “Submit”, as shown below:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Check SSL certificate
Verify Your SSL To Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error

After a few minutes of scanning your site’s SSL/TLS configuration, you’ll know whether your SSL certificate is valid.

If it’s not valid, we’ll run through the possible reasons this could be the case below.

Check for Certificate Name Mismatch

A certificate name mismatch can result in an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:

  • The site does not use SSL but shares an IP address with some other site that does.
  • The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
  • The site uses a content delivery network (CDN) that doesn’t support SSL.
  • The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH Certificate Name Mismatch
Certificate Name Mismatch

You can also use Chrome DevTools to check for a certificate mismatch (although often the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error will prevent you from being able to check it in Chrome DevTools).

To do this:

  1. Open up the website in Google Chrome
  2. Right-click anywhere on the website and click “Inspect.”
  3. Click on the Security tab and click “View certificate.”
  4. The issued domain will show in the certificate information. If this doesn’t match the current site you’re on, this is the issue.

Note that there can be wildcard certificates and other variations (but for a typical site, it should match exactly).

Here’s an example on a Mac (it looks a little different on Windows):

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Check issued domain on SSL certificate in Chrome
Using Chrome DevTools To Check For a Certificate Mismatch

If it’s not a certificate name mismatch, it might be an old TLS version.

Check for an Old TLS version

An old TLS version can result in an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Your web server should ideally be running at least TLS 1.2 (even better if you can run TLS 1.3). Cloudflare enables TLS 1.3 by default.

The SSL Labs tool will let you know if this is the case.

Under configuration, it will show you the current version of TLS running on the server with that certificate.

If it is old, it’s a relatively easy fix – contact your host and ask them to update their TLS version.

Another possible fix is clearing the SSL state on your computer.

Clear the SSL State On Your Computer

Another thing to try is clearing the SSL state in Chrome.

Here’s how you clear the SSL state in Chrome on Windows:

  • Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
  • Click on “Show advanced settings”.
  • Under Network, click Change proxy settings. The Internet Properties dialog box appears.
  • Click on the Content tab.
  • Click on “Clear SSL state”, and then click the OK button.
  • Restart Chrome (i.e. close and reopen it)

On a Mac it’s a little bit trickier – see this guide on how to delete an SSL certificate on a Mac.

The last thing it could be is the last part of the error code ERR_SSL_VERSION_OR_CIPHER_MISMATCH – a Cipher mismatch.

Check RC4 Cipher Suite

The RC4 cipher suite was removed in Chrome version 48.

It’s rare that this RC4 cipher mismatch is the root cause of the issue, but it can happen.

Microsoft recommends that RC4 be disabled. So if this is your server, consider changing the server configuration to a different cipher suite.

You can see the current cipher suite in the SSL Labs tool report.

If you’re looking for (free) tips to optimize your site speed with Cloudflare and rank higher on Google, you can follow me on Twitter 👉🏻 @bitofseo.

Please DM me if you have any questions about this Cloudflare article (or have some feedback to make it better 😄️).

About Jake Sacino

After working as an engineer and consultant for a bunch of big companies, Jake now works as a full-time SEO & software engineer.

...

Here are some other articles you might find useful