While accessing a website running over HTTPS protocol to ensure the certificate and SSL/TLS connection is valid a series of steps are performed between the browser and the web servers at the backend. This includes the TLS handshake, the certificate authority checking the certificate present, and decryption of the certificate. If there is any misconfiguration or unsupported version of the certificate available the browser might display the error: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” which refrains from accessing any website. The error “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” typically occurs on older operating systems, versions of browsers, or the older SSL certificate.
There can be a number of solutions to clear SSL State in Edge and Mac which include:
- Check Your SSL Certificate
- Check for Certificate Name Mismatch
- Check for Old TLS version
- Try Clearing the SSL State On Your Computer
- Use a New Operating System
- Temporary Disable Antivirus
Table of Contents
Check Your SSL Certificate
To start troubleshooting this issue by performing an SSL check on the certificate that is installed on the site. Any free SSL certificate checking tool can be used for this. To check out simply input the domain name into the Hostname field and click on the “Submit” button. It could take a minute or two to scan the site’s SSL/TLS configuration on the webserver.
Check for Certificate Name Mismatch
To check the certificate of the current domain name is by opening up Chrome DevTools on the site. Right-click anywhere on the webpage and select “Inspect”. Click on the “Security” tab and then click on “View certificate”.
The “Issued to” will show the domain certificate information. If this doesn’t match the current site it can be one of these options:
- The website that you are accessing doesn’t use SSL but shares an IP address with some other site that does support SSL.
- The website you are trying to access doesn’t exist, yet the domain points to an old IP address, where some other site is hosted.
- The website is using a content delivery network (CDN) that doesn’t support SSL.
- The website name is different and the alias was not included in the SSL certificate.
Check for Old TLS version
Older versions of TLS running on the webserver can be one of the issues. The least version of TLS recommended is TLS 1.2 through TLS 1.3 is better. If the TLS certificate is old, reach out to website support and ask them to update their TLS version.
Try Clearing the SSL State On System
Clearing the SSL state in the browser can help to fix this issue. This is just the same as clearing the browser’s cache which can sometimes help if things get out of sync. To clear the SSL state in Chrome on the Windows Operating system you can:
- Open the Google Chrome browser and click on the three dots at the top right-hand corner of the browser and then click the option of “Settings”.
- Scroll down and select the “Advanced” settings options.
- Under the Network option, click on the option of “Change proxy settings”. The Internet Properties dialog box appears.
- Select the “Content” tab from the top.
- Hit the “Clear SSL state” button and then click on “OK” from the bottom of the page.
- After that restart the Google Chrome browser to see if that has fixed the issue.
Read more on: How To Fix ERR_SSL_PROTOCOL_ERROR Localhost In Google Chrome
Use a New Operating System
Older versions of operating systems often fall out of date with the latest technologies such as the latest version of TLS 1.3, cipher suites, or components of the latest SSL certs will simply stop working. Google Chrome pulled the plug on Windows XP back in 2015.
Temporary Disable Antivirus
If all of the above-mentioned steps have not worked and the browser is still showing the error of “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” ensure that your third party antivirus is not causing the issue. As a troubleshooting step try to temporarily disable it. Few antivirus programs create a layer between the browser and the web with their own certificates which sometimes can cause issues.
Comments are closed.