Home > err_ssl_version_or_cipher_mismatch

How to Fix Err_ssl_version_or_cipher_mismatch?

Alton Alexander
By Alton AlexanderUpdated on June 4th, 2022

The "err_ssl_version_or_cipher_mismatch" error is usually caused by a browser or server configuration issue. This error can also be caused by a misconfigured server or by a server that is using an outdated SSL protocol.

Other common searches for this error include:

  • error code err_ssl_version_or_cipher_mismatch
  • err_ssl_version_or_cipher_mismatch

1. Check the SSL/TLS settings on your server

  1. Open a command prompt and navigate to the directory where the SSL/TLS certificates are stored.
  2. Type the following command to list the SSL/TLS certificates on the server. certutil -list
  3. If the SSL/TLS certificates are not listed, then the server may not have the required certificates installed. To install the certificates, type the following command. certutil -install
  4. Next, type the following command to verify the SSL/TLS settings on the server. certutil -verify -verbose
  5. If the SSL/TLS settings on the server are not correct, then the server may not be able to establish a secure connection with the client. To fix the settings, type the following command. certutil -set_server_certificate_key <path to the SSL/TLS certificate>
  6. If the server still cannot establish a secure connection, then the SSL/TLS settings on the server may need to be updated. To update the SSL/TLS settings, type the following command. certutil -set_server_certificate_key <path to the SSL/TLS certificate> <new key>

2. Check the cipher suites that your server is using

First, you will need to open a command prompt and navigate to the folder where your SSL certificates and keys are stored. Next, you will need to open the certificate store using the following command: certutil -store -config <config file> Once you have opened the certificate store, you will need to identify the cipher suite that your server is using. To do this, you will need to use the following command: certutil -list The output of this command will show you the cipher suite that your server is currently using. Next, you will need to update your server's cipher suite to the one that you identified in the previous command. To do this, you will need to use the following command: certutil -set <cipher suite name> <server configuration> For example, if you wanted to change the cipher suite that your server was using to the "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" cipher suite, you would use the following command: certutil -set TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA <server configuration>

3. Upgrade to a newer version of OpenSSL

The steps to upgrade to a newer version of OpenSSL vary depending on the platform. In general, though, the process involves downloading the new version of OpenSSL, unzipping it, and copying the files to the desired location.

4. Use a different cipher suite

The first step is to open the "ssl" configuration file in your server's root directory. This file can be found by running the "sudo nano /etc/ssl/certs/server.crt" command. The default location for this file is "/etc/ssl/certs/". The second step is to modify the "ssl" configuration file. In this file, you will need to locate the line that reads "ssl_ciphers". You will need to modify this line to include a new cipher suite. The third step is to restart the server. To do this, you will need to run the "sudo service ssl restart" command.

Still not working? maybe try one of these options:

  1. Use a different SSL/TLS protocol