The ERR_SSL_VERSION_OR_CIPHER_MISMATCH error occurs on Chromium-based browsers like Google Chrome and Microsoft Edge. On Firefox, you’ll encounter the SSL_ERROR_NO_CYPHER_OVERLAP error instead.
Regardless of the exact error code, the main reason you encounter this error is that the web server you’re trying to access uses outdated and insecure configurations like SSL or RC4.
As such, this issue can only be ‘fixed’ from the backend, but that’s not to say users can’t do anything about this. We’ve also detailed ways for users to bypass the error if you require it in this article.
Table of Contents
What Causes This SSL Error?
- Invalid SSL certificates
- Issues with the site’s CDN
- Corrupt SSL cache
- SSL interception by antivirus
Ways to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Since the actual problem is with the ciphers used on the server side, the proper fix is to configure the web server correctly, so we’ve listed it first. But as this backend fix won’t be applicable to normal users, we’ve also listed other ways further in the article to fix or bypass this error in case of client-side issues.
Resolve Server-End Issues
If you aren’t already aware of your web server configurations, you can check them by pressing the padlock icon in the URL bar and selecting Connection is secure > Certificate is valid.
In the General and Details tabs, you can check the SSL Certificate Common Name, SSL Version, Certificate Signature Algorithm, and more. If you perform an online SSL test, you’ll receive even more info in an easy-to-digest form.
Regardless of how you check the configurations, though, the important thing is to make sure that your server doesn’t support an outdated TLS version or encryption method. You should also ensure that there isn’t a certificate name mismatch issue.
Depending on the CDN you’re using, there may be some misconfigured SSL-related settings that are leading to this error. For instance, in the case of Cloudflare, you need to turn on the Disable Universal SSL option to resolve this error.
Bypass SSL Warning
Most browsers don’t support outdated configurations like TLS 1.0 or non-HTTPS connections for a good reason. But there are some cases where you must access the site despite the security risk. For instance, you may need to access an old router or a WiFi device. In such cases, there are a few things you can do.
On Chrome, you can type thisisunsafe (all lowercase and no spaces) )while on the warning page to bypass the error and access the site.
The SSL Version Or Cipher Mismatch error is often limited to a specific browser. So, your second option is to try accessing the site with a different browser.
The third option, which ties into the previous one, is to use an old version of the browser. The reason switching browser works is that often, the secondary browser is outdated and still supports insecure configurations, which ultimately allows you to access the website.
We don’t freely recommend this due to security reasons, but if you must access the site, this is still an option to consider.
Downgrade TLS Version
Another way to bypass this error is by downgrading the minimum TLS version supported on your browser. But as we’ve said, making these changes lowers the security level of your browser and leaves you vulnerable to attacks.
As such, we recommend only making these changes to the secondary browser or simply reverting these changes after you’re done with the website you were trying to access. You could also use a TLS proxy. Or an even better alternative is to use a dedicated browser in a VM, but this may not always be feasible.
In any case, if you do decide to downgrade the TLS version, here’s how you can do this on Chrome:
- First, close Chrome if it’s currently running.
- Right-click the Chrome shortcut you typically use and copy it.
- Right-click the new copy and select Properties.
- In the Target field, add a space to the shortcut path and add the following commands at the end to set the min and max TLS versions:
--ssl-version-min=<value>
--ssl-version-max=<value>
The accepted values are: “ssl3“, “tls1“, “tls1.1“, and “tls1.2“. - Press OK to save the changes and use this shortcut to launch Chrome with the applied flags.
On Firefox, you can follow these steps instead:
- Launch Firefox and enter
about:configin the address bar. - Accept the prompt and continue.
- Search for
security.tls.versionand change the min, max, and fallback-limits. The acceptable values are 0, 1, 2, 3, and 4, which correspond to SSL3, TLS1, TLS1.1, TLS1.2, and TLS1.3, respectively.
- Restart the browser and check if you can access the site now.
Clear Browser Cache
If incorrect certificate information is cached by your browser, that can also cause SSL errors such as this one. You can test for this by trying to access the site in Incognito or Private mode, as it temporarily uses a fresh cache store.
In case this turns out to be the issue, you can clear the SSL cache along with the browser cache. Here’s how you can do this on Chrome:
- Launch Chrome and press CTRL + Shift + Del.
- Change the Time Range to All time and press Clear Data.
Here are the steps for Firefox:
- Launch Firefox and press CTRL + Shift + Del.
- Change the time range to Everything, select Cookies, Cache, Site settings, Offline website data, and press OK.
Disable Antivirus/Firewall
In some cases, third-party antivirus or firewall tools have been found to intercept TLS certificates. These interceptors could be doing a number of things on the backend, from modifying certificate information to sending invalid ciphers to the browser, that’s ultimately causing this error.
As such, we recommend that you temporarily disable any third-party security tools that you’re using and then try to access the site. If the antivirus does turn out to be the issue, you should consider switching to a different antivirus or simply Windows Defender.
