Browser Error: SSL Version or Cipher Mismatch


I’ve been trying to troubleshoot this browser error for the last couple of days to no avail. The actual error in Chrome is: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

The results from here:
show numerous failed handshakes for some browsers.

Running this command:
certbot certificates

Gave this result:
Found the following certs: Certificate Name: Domains: Expiry Date: 2018-07-22 19:04:06+00:00 (VALID: 82 days) Certificate Path: /etc/letsencrypt/live/ Private Key Path: /etc/letsencrypt/live/ Certificate Name: Domains: Expiry Date: 2018-07-30 16:08:21+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/ Private Key Path: /etc/letsencrypt/live/

There two certs as a result of troubleshooting. Let me know if there’s anything else I can provide. Any help would be greatly appreciated!

Additional Information:
My domain is:

My web server is: nginx/1.13.12

The operating system my web server runs on is: Ubuntu 16.04.4

My hosting provider is: A2 Hosting

I can login to a root shell on my machine: Yes

I’m using a control panel to manage my site: No

Hi @andrew_bmp,

Seems your cipher list is a bit… aggressive :wink:

Maybe you could try to use this cipher list in your nginx conf:



Chrome doesn’t support secp521r1 (P-521) ECDH.

You need to enable X25519, P-256 and/or P-384.

1 Like

Wow, great. It’s working! Thanks a lot; I didn’t fully understand that option.

1 Like

Thank you, I made the changes.

1 Like

It seems that you are truly concerned about making your site as secure as possible.
If so, you might want to:
Increase the cert key size from RSA 2048 bits to RSA 4096 bits
Provide and prefer an ECDSA cert with 384 bits
Enable CHACHA20-POLY1305 cipher
Enable CAA

and for more pointers you can read through

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.