![]() ![]() Click “Clear SSL state”, and then click OK.The Internet Properties dialog box appears. Under Network, click Change proxy settings.Click the Google Chrome – Settings icon (Settings) icon, and then click Settings.To clear the SSL state in Chrome on Windows, follow these steps: Just like clearing your browser’s cache this can sometimes help if things get out of sync. Cipher suite Clear the SSL State In ChromeĪnother thing to try is clearing the SSL state in Chrome. You can view the current cipher suite in the SSL Labs tool (as seen below). So you should make sure the server configuration is enabled with a different cipher suite. Security researchers, Google, and Microsoft recommend that RC4 be disabled. Why? Because everything usually takes longer to upgrade and update in bigger and more complex configurations. This is not very common, but it could happen in say larger enterprise deployments that require RC4. TLS 1.3 server support Check RC4 Cipher SuiteĪnother reason according to Google’s documentation for ERR_SSL_VERSION_OR_CIPHER_MISMATCH is that the RC4 cipher suite was removed in Chrome version 48. If it is old, reach out to your host and ask them to update their TLS version. Under configuration, it will show you the current version of TLS running on the server with that certificate. This is something the SSL Labs tool can also help with. (Suggested reading: if you’re using legacy TLS versions, you might want to fix ERR_SSL_OBSOLETE_VERSION Notifications in Chrome). Cloudflare also enables TLS 1.3 by default. Kinsta supports TLS 1.3 on all of our servers and our Kinsta CDN. If you are a Kinsta customer you never have to worry about this as we always upgrade our servers to the latest and greatest supported versions. Ideally, it should be running at least TLS 1.2 (better yet, TLS 1.3). That is where a tool like SSL Labs can come in handy.Īnother possible reason is that the TLS version running on the web server is old. However, in our case, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error actually prevented us from being able to check it in Chrome DevTools. ![]() Remember though, there are wildcard certificates and other variations, but for a typical site, it should match exactly. If this doesn’t match the current site you’re on, this is a problem. Right-click anywhere on the website and click on “Inspect.” Then click on the security tab and click on “View certificate.” The issued domain will show in the certificate information.
0 Comments
Leave a Reply. |