‘err_ssl_version_or_cipher_mismatch’ Error in Chrome – What To Do
The life of an IT admin usually revolves around resetting passwords, tidying up user inboxes and telling people they cannot have more storage space. Every now and again though, you get to work on something interesting. Last week it was a new error I had never seen before, ‘err_ssl_version_or_cipher_mismatch’ in Chrome.
The error syntax gave me a clue as to what was wrong, there was some issue with the SSL certificate or security setting of a website or the browser. The SSL flag meant there was something likely wrong with the website’s SSL certificate or the expectation of Chrome when it saw that certificate. I must admit that I didn’t know any more than that so had to do some research.
First I’ll show you how to fix the issue, then I’ll discuss how it all works.
Fix err_ssl_version_or_cipher_mismatch in Chrome
If there is a mismatch in the supported SSL versions and the version being used by the web server sending the certificate you will see this message. It was very prevalent a couple of years ago when Chrome stopped supporting SSL 3.0 but should be rarer now unless you are running an outdated browser or the server sending the certificate has a configuration issue.
Here’s how to fix it.
- Open Chrome and type chrome://flags in the URL box.
- Navigate to ‘Maximum TLS version enabled’.
- Set to default or try TLS 1.3.
- Select Relaunch now.
Older guides says to select Minimum SSL/TLS version supported and set it to SSLv3 but the options have changed in newer versions of Chrome. In theory, this error shouldn’t even happen in newer versions of Chrome as SSL is now handled differently. It still appears occasionally though.
If this alone doesn’t fix err_ssl_version_or_cipher_mismatch in Chrome you may need to flush the SSL certificate cache.
- Navigate to the three dot Settings icon in Chrome.
- Select Advanced at the bottom of the page.
- Select Open proxy settings in the System box.
- Select the Content tab and select Clear SSL state.
- Select OK and close the windows.
This should definitely stop you seeing err_ssl_version_or_cipher_mismatch.
Ever since we began trying to secure the internet with HTTPS instead of HTTP, SSL certificates have been more important than ever. They form part of the secure connection between your browser and the web host that can encrypt all data that flows between you. Every time you buy something or use internet banking, you need your data encrypted so it cannot be intercepted. An SSL certificate helps.
An SSL certificate is issued by a trusted party called a Certificate Authority or CA. It issues it to the website owner and installs it on their web server. It contains a public and a private key which encryption software within the browser uses to create a secure connection.
There are five main steps to setting up an encrypted browsing session. It happens within a second or two behind the scenes. Every time you land on a secure website, this process is repeated.
- When a web browser accesses a secure website (HTTPS), it is greeted with an SSL handshake. This makes sure both server and browser can accept a secure connection and have everything necessary to do so. Once the handshake is complete, the public encryption key is shared.
- Once acknowledged, the server sends a copy of its SSL certificate to your browser. It includes the public key which can begin the encrypted session.
- The browser checks the certificate against a list of Certificate Authority to check it is real. It also makes sure it hasn’t expired or been tampered with.
- The browser then encrypts the connection and sends the web server a symmetric session certificate that will last only for the time you are on the website. It uses the server’s public key for this.
- The web server decrypts that symmetric session key with its private key and acknowledges the connection to your browser.
If the browser doesn’t see what it expects in that SSL certificate, the err_ssl_version_or_cipher_mismatch error can occur. It only happens in Chrome as Firefox, Opera, Safari and the others handle SSL certificates differently.
This error only really happened on older versions of Chrome (version 40) as it handled SSL in a different way. Newer versions of Chrome how handle SSL in a more thorough way and you should never see this issue. While the first fix tweaks TLS settings and not SSL, it seemed to make a difference. However, the second fix, clearing the SSL state is likely more effective.
Have you see then err_ssl_version_or_cipher_mismatch error recently? Got any other fixes for it? Tell us about it below if you do!