Website uses an unsupported protocol.
Urgh, how annoying. Especially if this is your website.
While the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error typically happens on older operating systems or browsers, it can still occur even if you’re running the latest version of chrome on the latest Windows/Mac operating system.
This is your browser’s way of saying that something has gone wrong in the TLS Handshake (a TLS Handshake part of the process your browser goes through to make sure it’s serving you the right website) – such as a misconfiguration or unsupported version.
Two other ways this error can be presented:
- The client and server don’t support a common SSL protocol version or cipher suite
- Error 113 (net::err_ssl_version_or_cipher_mismatch): unknown error
Here are some simple ways to fix this error.
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Cloudflare Error
- Check Your Browser And Operating System
- Temporary Disable Antivirus
- Verify Your SSL Certificate is Correct
- Check for Certificate Name Mismatch
- Check for Old TLS version
- Clear the SSL State On Your Computer
- Check RC4 Cipher Suite
Check Your Browser And Operating System
The first step is to make sure the issue isn’t caused by an out of date operating system or browser, as none of the other steps below are going to help if this is the case.
An out of date version of your browser (how did you even manage to download Internet Explorer 6?) is a common cause for the dreaded ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Older operating systems can also be the root cause as they gradually fall out of date with newer technologies (e.g. TLS 1.3) as browsers stop supporting them.
For example, Google Chrome ended support for Windows XP back in 2015.
If you’re unsure whether your browser or operating system is out of date, check the website using another computer or device, such as your smartphone (which will tend to be relatively up-to-date… unless you’re been ignoring that pesky “Update” notification for a few years now 😉️).
If a more up to date device is working, it’s likely got to do with your browser or operating system.
If you haven’t already, download the latest version of Chrome and see if the error goes away.
If the error is still present, then it might be your OS, and you should download the latest version of Windows / Mac / Ubuntu / etc.
Remember this is only if the error is present on your computer but not on a more up to date device. If the error is only present on your computer but not your smartphone and you’re confident that your browser + OS is up to date, then it could be the antivirus software you’re using.
Temporary Disable Antivirus
Some antivirus applications create a layer between your browser and the web with their own certificates, which can result in the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Try temporarily pausing or disabling your antivirus software and see if the issue persists.
If the error doesn’t go away, we need to check if the SSL certificate has been set up correctly.
Verify Your SSL Certificate is Correct
Now that we’re eliminated user-specific issues, we need to make sure that the SSL certificate is actually valid.
This is easily done with a free SSL checking tool, like this one from SSL Labs.
Simply input your domain into the Hostname field and click “Submit”, as shown below:
After a few minutes of scanning your site’s SSL/TLS configuration, you’ll know whether your SSL certificate is valid.
If it’s not valid, we’ll run through the possible reasons this could be the case below.
Check for Certificate Name Mismatch
A certificate name mismatch can result in an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
As you can see from the SSL Labs test below, this is pretty quick and easy to diagnose. As SSL Labs states, a mismatch can be a number of things such as:
- The site does not use SSL but shares an IP address with some other site that does.
- The site no longer exists, yet the domain still points to the old IP address, where some other site is now hosted.
- The site uses a content delivery network (CDN) that doesn’t support SSL.
- The domain name alias is for a website whose name is different, but the alias was not included in the certificate.
You can also use Chrome DevTools to check for a certificate mismatch (although often the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error will prevent you from being able to check it in Chrome DevTools).
To do this:
- Open up the website in Google Chrome
- Right-click anywhere on the website and click “Inspect.”
- Click on the Security tab and click “View certificate.”
- The issued domain will show in the certificate information. If this doesn’t match the current site you’re on, this is the issue.
Note that there can be wildcard certificates and other variations (but for a typical site, it should match exactly).
Here’s an example on a Mac (it looks a little different on Windows):
If it’s not a certificate name mismatch, it might be an old TLS version.
Check for Old TLS version
An old TLS version can result in an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Your web server should ideally be running at least TLS 1.2 (even better if you can run TLS 1.3). Cloudflare enables TLS 1.3 by default.
The SSL Labs tool will let you know if this is the case.
Under configuration, it will show you the current version of TLS running on the server with that certificate.
If it is old, it’s a relatively easy fix – contact your host and ask them to update their TLS version.
Another possible fix is clearing the SSL state on your computer.
Clear the SSL State On Your Computer
Another thing to try is clearing the SSL state in Chrome.
Here’s how you clear the SSL state in Chrome on Windows:
- Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.
- Click on “Show advanced settings”.
- Under Network, click Change proxy settings. The Internet Properties dialog box appears.
- Click on the Content tab.
- Click on “Clear SSL state”, and then click the OK button.
- Restart Chrome (i.e. close and reopen it)
On a Mac it’s a little bit trickier – see this guide on how to delete an SSL certificate on a Mac.
The last thing it could be is the last part of the error code ERR_SSL_VERSION_OR_CIPHER_MISMATCH – a Cipher mismatch.
Check RC4 Cipher Suite
The RC4 cipher suite was removed in Chrome version 48.
It’s rare that this RC4 cipher mismatch is the root cause of the issue, but it can happen.
Microsoft recommends that RC4 be disabled. So if this is your server, consider changing the server configuration to a different cipher suite.
You can see the current cipher suite in the SSL Labs tool report.