Skip to content

Latest commit

 

History

History
90 lines (59 loc) · 4.08 KB

version-cipher-mismatch.md

File metadata and controls

90 lines (59 loc) · 4.08 KB
Raw
title pcx_content_type weight meta
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
troubleshooting
1
title description
Fix VERSION_OR_CIPHER_MISMATCH
Learn how to troubleshoot ERR_SSL_VERSION_OR_CIPHER_MISMATCH when using Cloudflare SSL/TLS.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

After you add a new domain to Cloudflare, your visitors' browsers might display one of the following errors:

  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome)
  • Unsupported protocol The client and server don’t support a common SSL protocol version or cipher suite (Chrome)
  • SSL_ERROR_NO_CYPHER_OVERLAP (Firefox)

This error occurs when your domain or subdomain is not covered by an SSL/TLS certificate, which is usually caused by:

Decision tree

flowchart TD
accTitle: Troubleshooting ERR_SSL_VERSION_OR_CIPHER_MISMATCH decision tree
A>Is your certificate active?] -- Yes --> B>Is the DNS record proxied?]
A -- No --> C[Wait for certificate to activate or pause Cloudflare]
B -- No --> D[Proxy the DNS record]
B -- Yes --> E>Are you using a custom certificate?]
E -- Yes --> F[Custom certificate may be expired]
E -- No --> G>Are you accessing a multi-level subdomain?]
G -- Yes --> H[Get an advanced or custom certificate]
Loading

Certificate activation

{{}}

Potential issues

If your visitors experience ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome) or SSL_ERROR_NO_CYPHER_OVERLAP (Firefox), check the status of your Universal certificate:

  1. Log into the Cloudflare dashboard.
  2. Choose your account and domain.
  3. Go to SSL > Edge Certificates.
  4. Find the certificate with the Type of Universal.
  5. Make sure the Status is Active.

If the Status is anything other than Active, you can either wait a bit longer for certificate activation or take immediate action.

Lösungen

If you need to immediately resolve this error, temporarily pause Cloudflare.

Since Universal certificates can take up to 24 hours to be issued, wait and monitor the certificate's status. Once your certificate becomes Active, unpause Cloudflare using whichever method you used previously.

If your certificate is still not Active after 24 hours, try the various troubleshooting steps used to resolve timeout issues. If these methods are successful (and your certificate becomes Active), unpause Cloudflare using whichever method you used previously.

Proxied DNS records

Cloudflare Universal and Advanced certificates only cover the domains and subdomains you have proxied through Cloudflare.

If the Proxy status of A, AAAA, or CNAME records for a hostname are DNS-only, you will need to change it to Proxied.

Proxy status affects how Cloudflare treats traffic intended for specific DNS records

Certificate expiration

If you have a Custom certificate and visitors experience ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome) or SSL_ERROR_NO_CYPHER_OVERLAP (Firefox), check its status to make sure it is not expired.

If it is expired, upload a replacement certificate.

Multi-level subdomains

{{}}

This means that you might experience ERR_SSL_VERSION_OR_CIPHER_MISMATCH (Chrome) or SSL_ERROR_NO_CYPHER_OVERLAP (Firefox) on multi-level subdomains.

{{}}