ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hello, I am currently trying to resolve ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors and hoping someone has some ideas on how to help.
Our application has different environments based on the subdomain off our main domain, and this is a SaaS application, so each customer has their own subdomain of that domain/subdomain.
So if for example we use "a.com" as the domain root, our users on the Production environment are under "a-customer.a.com" and users on our other environment would use "b-customer.b.a.com", "c-customer.c.a.com", etc.
Everything routes through Cloudflare and right now all non-production environments are getting this error. Up until recently, it was just a single environment getting this error, then suddenly this week all non-prod environments are getting this error and we can't figure out why.
In Cloudflare, we have Universal SSL enabled. The Encryption Mode is in Full (strict) mode. TLS 1.2 is the minimum version and TLS 1.3 is enabled but not required.
We are using the Advanced Certificate Manager to have both Advanced and Total TLS certificates to cover different subdomains (one subdomain is using Advanced / manual and the rest are using Total TLS). All the Edge certificates are currently Active and not expired and are covering the domain/subdomains and are wildcarded. So we have certs for *.a.com, *.b.a.com, *.c.a.com, etc.
We are using AWS EC2 load balancers (one per environment) and were previously using the Origin Certificates from Cloudflare on the load balancers. These certs mirror the Edge certs in what they cover and are active. We did try and manually generate certs on AWS and put those certs on the AWS load balancers but that hasn't resolved the issue.
We were previously using the default TLS ciphers in Cloudflare but have now used the API to manually set them to the exact ciphers that AWS is using; that hasn't worked either.
2 Replies
You can try following the decision tree here.
https://developers.cloudflare.com/ssl/troubleshooting/version-cipher-mismatch/
Yes, we have followed that, and unfortunately we're at the end of it (get an advanced or custom cert), and we are using advanced certs and they aren't expired and they are active. So we're stuck.
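
One offline check for the setup described in the question (an added example, not part of the original thread and not Cloudflare tooling): confirm that every environment hostname is covered by some certificate's SAN list, given that a wildcard stands for exactly one label. The certificate labels, the SAN inventory and the `d` environment are constructed from the question's placeholder names; `probe` is the live variant and needs network access.

```python
import socket
import ssl

def san_matches(pattern, hostname):
    """'*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.a.com' never covers 'x.b.a.com'."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])

def coverage(certs, hostnames):
    """Map each hostname to the labels of the certificates whose SANs cover it."""
    return {host: [label for label, sans in certs.items()
                   if any(san_matches(s, host) for s in sans)]
            for host in hostnames}

def dns_sans(peercert):
    """DNS names from the dict returned by SSLSocket.getpeercert()."""
    return [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]

def probe(host, port=443, timeout=5.0):
    """Live check (needs network): handshake with SNI=host and report what the
    edge negotiated. A failed handshake raises ssl.SSLError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            sans = dns_sans(tls.getpeercert())
            return {"version": tls.version(), "cipher": tls.cipher()[0],
                    "sans": sans,
                    "covered": any(san_matches(s, host) for s in sans)}

# Constructed inventory using the question's placeholder names.
CERTS = {
    "cert-a": ["a.com", "*.a.com"],
    "cert-b": ["*.b.a.com"],
    "cert-c": ["*.c.a.com"],
}
HOSTS = ["a-customer.a.com", "b-customer.b.a.com", "c-customer.c.a.com",
         "d-customer.d.a.com"]  # 'd' is a made-up environment with no cert

if __name__ == "__main__":
    for host, labels in coverage(CERTS, HOSTS).items():
        print(f"{host:24} {', '.join(labels) or 'NOT COVERED'}")
```
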