Latest Chrome browser (version 41.0.2272.118 m, Windows XP SP3) occassionaly gives me the following error. It happens on some HTTPS websites, for example maniacdev.com:
Chrome shows the following error:
A secure connection cannot be established because this site uses an unsupported protocol. Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
At the same time, on the same box, Firefox (version 32.0.3) opens the same URL without errors. I am pretty sure that Firefox provides more options for chipher selection, or does not restrict certain SSL versions when negotiating that SSL handshake, and so secure connection is being successfully established in Firefox.
Question: is there an option somewhere in Chrome Settings to relax this overly strict for my needs security policy? I just want to open a webpage and honestly I DO NOT CARE about Man-In-The-Middle or NSA :) EAT THAT GOOGLE
Any suggestions on how to relax Chrome SSL security policies? Thanks!
I was not able to find any real solution other than using downgraded FireForx version 32.0.3. So I would have to continue using FireFox v.32.0.3 whenever I hit that
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in Chrome. Version 33 and 34 may also work - it looks like the latest version of FireFox that still works with SSLv3 would be 34. However, I am using 32.0.3.
Here is the link to install English Win32 version of FireFox v.32.0.3 from Mozilla official FTP site:
Firefox Setup 32.0.3.exe -- 24-Sep-2014 05:21 -- 34Mb
You would need to disable autoupdates so it does not catch that SSLv3 paranoia again:
Menu btn > Options icon > "Update" tab > "Never check for updates"
I was "lucky" that I disabled Firefox updates some time ago and ended up with Firefox version 32 which is not afraid of POODLE and it will be kept that way (i.e. without upgrades), so I have some way to read those poor socially excluded websites with SSL 3.0 next time Chrome shows me
Alternative idea (not tested)
Tried this, and it DID NOT WORK for me, because I have Chrome version 41. Apparently IT DID WORK for some people who had Chrome version before 40, so I am still posting it here:
- Copy this to your address bar in chrome: chrome://flags - Find a setting named "Minimum SSL/TLS version supported." - Choose SSLv3 - Click on "Relaunch now" button - Go back to the HTTPS page that was giving you ERR_SSL_VERSION_OR_CIPHER_MISMATCH error - You will be redirected to a "Your connection is not private" page. If you do not worry about this security issue click on the "Advanced" link. - Click on "Proceed to <your https page> (unsafe)".
Here’s the main I got for my problem, 1) I get the error in IE 11 and Google Chrome. Affected sites are some of Google (maps, youtube, & calendar) and Bing.com. Haven't really tried many other SSL/TLS sites. Some work fine though. 2) Everything was working properly until I "refreshed" my operating system. An additional note is that a second user, on this same computer, has no problems with secured sites. And then I followed this steps and the problem was gone. ERRSSLVERSIONORCIPHERMISMATCH – Solutions Encyclopedia
In most cases, browsers can't verify an HTTPS connection because something prevents it do that.
I've encountered this problem a few times before and in most cases, the date & time of my device are incorrect. Or my firewall has blocked HTTPS connections.
In order to solve it, you have to check two points above. Besides, I found this guide from Google, which may help you fix it.