ERR_SSL_VERSION_OR_CIPHER_MISMATCH

How to Fix “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”

SSL / Certificate Error 📄 Chrome, Edge, Brave
⚡ Quick answer

ERR_SSL_VERSION_OR_CIPHER_MISMATCH means Chrome and the web server couldn't agree on an encryption method. The server only supports old, insecure SSL/TLS versions or cipher suites that Chrome has deprecated for security reasons.

First, check if your internet is working and what your current IP address is:

🔍 Check My IP Address →

What Causes the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” Error?

Chrome has dropped support for SSL 3.0, TLS 1.0, and TLS 1.1. If a server only offers these older protocols, Chrome refuses to connect. This is almost always the website's problem — their server is running outdated software. It can also happen if the server's certificate uses an outdated SHA-1 signature algorithm.

How to Fix It — 5 Methods

1 Confirm It's the Website's Problem

Try opening the site in Firefox (which has more lenient legacy SSL support) or on a different device. If it loads in Firefox but not Chrome, the site is using TLS 1.0/1.1 — this is a server configuration issue and the website owner needs to update. There's typically nothing you can do on your end to permanently fix it.

2 Clear Chrome Cache and SSL State

Press Ctrl+Shift+Delete → All time → Cached images + Cookies → Clear. Also open Internet Options → Content tab → Clear SSL State. Restart Chrome. Rarely, cached negotiation data causes this error on sites that have recently upgraded their SSL.

3 Disable Antivirus HTTPS Scanning

Some antivirus programs proxy HTTPS connections using older TLS versions. If your antivirus is intercepting the connection and presenting it to Chrome using TLS 1.0, Chrome will reject it. Find and disable SSL/HTTPS scanning in your antivirus settings.

4 Update Chrome

Make sure Chrome is fully up to date: go to chrome://settings/help. Outdated Chrome versions sometimes have cipher suite issues resolved in newer releases.

5 Check the Domain's SSL Configuration

If you own the website or can contact the administrator: the fix is to enable TLS 1.2 and TLS 1.3 on the web server and disable all older versions. On Apache, add SSLProtocol TLSv1.2 TLSv1.3. On Nginx, set ssl_protocols TLSv1.2 TLSv1.3;. Run the site through Qualys SSL Labs (ssllabs.com/ssltest/) to get a full diagnosis.

🔒
Some errors are caused by ISP blocks or network restrictions
A VPN bypasses them instantly by routing through a different server.
PureVPN → IPVanish →

Fixed it? Visit tools.examineip.com to confirm your IP address and connection are working correctly.

Frequently Asked Questions

Why does Internet Explorer load the site but Chrome doesn't?
Internet Explorer still supports deprecated TLS versions for backward compatibility. Chrome does not — it prioritises security over compatibility. The site needs to be updated.
I get this on an internal company site — what should I do?
Internal sites are often running older server software. Report it to your IT department — they need to update the server's TLS configuration. As a temporary workaround, you can use Firefox, which may still support older TLS versions with a warning.
Can a VPN help with this error?
No. This is a TLS negotiation failure that happens regardless of which network you're on. A VPN can't change what SSL version the destination server offers.

Learn More About IP Addresses & Privacy

← Back to the complete guide: Internet Errors Hub

Last updated: April 2, 2026 • Report an error

Scroll to Top