Have you recently encountered this error? Do you wonder why it happens on some websites in Google Chrome browser? And why it works on Firefox?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
- This error occurs only in websites which use SSL encryption and HTTPS secure protocol for access and information exchange (e.g. when URL address starts with https://example.com and you notice a locker icon in front of website address)
- Additionally, it only occurs in websites that use SSL certificates with SNI (Server Name Indication) and ECDSA (Elliptic Curve Digital Signature Algorithm)
- ECDSA is often used in cheap SSL certificates (such as Comodo CA Limited) as it allows use of less bits for secure encryption
- Specific components in latest SSL certificates are not supported in older operating systems (like Windows XP) in browsers such as Internet Explorer and Google Chrome
- Firefox seems to handle the mismatch errors (probably because it is using own encryption library) and websites will work just fine (other less known and popular browsers may or may not work, as well)
FIX / SOLUTION FOR THIS PROBLEM
- Try non-secure non-encrypted website version, if available* (e.g. http://example.com – no s letter after http)
- Upgrade to Windows Vista or newer Operating System, if possible
- Use Firefox browser for these particular websites
- In Chrome 40 there was a temporary solution to manually over-ride minimum SSLv3 version support by visiting chrome://flags hidden internal settings, but this feature is removed in recent Chrome editions and no longer works
- For webmasters / website owners: switch to more robust / more compatible SSL certificates instead (Let’s Encrypt is 100% compatible and free!)
* many websites today exclusively use secure HTTPS versions, redirecting you automatically to https and no plain http version is available at all.
Well, I am not sure if this is some conspiracy against Windows XP users to force them to upgrade to at least Windows 7, and I don’t really know if there is a true technical reason behind it, because I don’t have knowledge of entire SSL standard and TLS encryption scheme to back the theory up, but there are really only few things left that you can do. Most probably, there must be some serious vulnerability discovered in such cases, that it was decided not to support it. Another reason may be that the SSL certificate in question is not “good enough” (e.g. cheap certificates that save on the bits and validate only domain and email address — switch to Let’s Encrypt in that case — seriously), and so they get ignored in some browsers, but accepted in others. All this is just my personal speculation, of course.
Comments
Post A Comment