ERR_SSL_VERSION_OR_CIPHER_MISMATCH - error in Chrome while opening some HTTPS websites - Windows XP SP3

$1
=
$0
+
$1
$1 Bitcoin bounty has been announced by author.
$0 has been already awarded by author.
$1 remains available.
0

Latest Chrome browser (version 41.0.2272.118 m, Windows XP SP3) occassionaly gives me the following error. It happens on some HTTPS websites, for example maniacdev.com:

https://maniacdev.com/

Chrome shows the following error:

A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

At the same time, on the same box, Firefox (version 32.0.3) opens the same URL without errors. I am pretty sure that Firefox provides more options for chipher selection, or does not restrict certain SSL versions when negotiating that SSL handshake, and so secure connection is being successfully established in Firefox.

Question: is there an option somewhere in Chrome Settings to relax this overly strict for my needs security policy? I just want to open a webpage and honestly I DO NOT CARE about Man-In-The-Middle or NSA :) EAT THAT GOOGLE

Any suggestions on how to relax Chrome SSL security policies? Thanks!

4 answers - total earned - 2.7 mBTC ($0.75 USD)

4
=
1
=
$0.75
1 tip with total amount of 2.7 mBTC($0.75 USD) have been sent by kulibin

My solution

I was not able to find any real solution other than using downgraded FireForx version 32.0.3. So I would have to continue using FireFox v.32.0.3 whenever I hit that ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in Chrome. Version 33 and 34 may also work - it looks like the latest version of FireFox that still works with SSLv3 would be 34. However, I am using 32.0.3.

Here is the link to install English Win32 version of FireFox v.32.0.3 from Mozilla official FTP site:

Firefox Setup 32.0.3.exe -- 24-Sep-2014 05:21 -- 34Mb

You would need to disable autoupdates so it does not catch that SSLv3 paranoia again:

Menu btn > Options icon > "Update" tab > "Never check for updates"

I was "lucky" that I disabled Firefox updates some time ago and ended up with Firefox version 32 which is not afraid of POODLE and it will be kept that way (i.e. without upgrades), so I have some way to read those poor socially excluded websites with SSL 3.0 next time Chrome shows me

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Alternative idea (not tested)

  • try using Opera browser, some people say it provides a "continue" option on those problematic HTTPS websites.

Security Notes

  • If this is your laptop and you often browse from public WiFi, try not to use that FireFox while on a public WiFi, or someone evil may steal your https cookies (below)
  • If you do not trust your Internet Provider, delete all existing FireFox cookies and do not ever use that FireFox to login into any sensitive websites, or your evil Internet Provider may steal your https cookies (below).

Here is the root cause of this error:

  • the HTTPS site I wanted to connect to only supports old version of TLS called SSL 3.0 or SSLv3
  • that version 3.0 of SSL is proven to be insecure, because of the newly discovered POODLE vulnerability (here is much better description of POODLE) which can only be exploited if you ever visit unsecured WiFi with malicious owner who would then trick you to visit his malicious website with certain Javascript (or inject malicious Javascript into non-protected HTTP response from a regular website you are visiting there). That malicious Javascript that would need to submit to about 8,000 web requests from your browser to some good site that they know you use, and then, if everything works perfect, they may get to conclude the value of your 32-byte cookie. They would need around 256 requests on average to decrypt one byte. Multiply that with the number of bytes in the cookie, and most often, this attack can be done in seconds or minutes. As far as I understand, even then they would not be able to actually intercept your HTTPS communication. Well, stealing your cookie is bad, don't get me wrong.
  • because I visit WiFi hotspots full of POODLE hackers with my desktop computer in a bag every other day, Google has rightfully decided to protect me from reading those old sites that cannot be reconfigured for using more recent version of SSL, without giving me any option to decide on it. Why is that important? Because for example people run certain hardware that is being administered through HTTPS SSLv3 interface and upgrades are not always possible, for example Tomato and DD-WRT routers - dd-wrt 25408, Asus RT-N66U, Linksys e4200, etc. To see what kind of hoops people have to jump through with Wireshark and lower lever SSL debugging to make their routers back accessible, click here
  • Google has disabled SSLv3 in Chrome starting from version 40.
  • Firefox has followed the suit and disabled the SSLv3 since version 34.

Tried this, and it DID NOT WORK for me, because I have Chrome version 41. Apparently IT DID WORK for some people who had Chrome version before 40, so I am still posting it here:

- Copy this to your address bar in chrome: chrome://flags
- Find a setting named "Minimum SSL/TLS version supported."
- Choose SSLv3
- Click on "Relaunch now" button
- Go back to the HTTPS page that was giving you ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
- You will be redirected to a "Your connection is not private" page. If you do not worry about this security issue click on the "Advanced" link.
- Click on "Proceed to <your https page> (unsafe)".

from here:

https://answers.microsoft.com/en-us/ie/forum/ie11-windows7/errsslversionorciphermismatch/567fd181-7a27-48c5-95d1-b3095df255ec?page=1

SEND BITCOIN TIPS

Thank you, I am one of those who was not able to get to my DD-WRT router admin page - all because of that Chrome Poodle paranoia. So I have followed your advice and downgraded my FireFox to version 32 and at least I can access my router now! Thanks!

1

i'm having ERRSSLVERSIONORCIPHER_MISMATCH

SEND BITCOIN TIPS
0

Here’s the main I got for my problem, 1) I get the error in IE 11 and Google Chrome. Affected sites are some of Google (maps, youtube, & calendar) and Bing.com. Haven't really tried many other SSL/TLS sites. Some work fine though. 2) Everything was working properly until I "refreshed" my operating system. An additional note is that a second user, on this same computer, has no problems with secured sites. And then I followed this steps and the problem was gone. ERRSSLVERSIONORCIPHERMISMATCH – Solutions Encyclopedia

SEND BITCOIN TIPS
0

In most cases, browsers can't verify an HTTPS connection because something prevents it do that.

I've encountered this problem a few times before and in most cases, the date & time of my device are incorrect. Or my firewall has blocked HTTPS connections.

In order to solve it, you have to check two points above. Besides, I found this guide from Google, which may help you fix it.

SEND BITCOIN TIPS
0

Post Answer


Top 3 Tippers
Recent Tips

Will Bitcoin Tipping become a new Internet Culture?


Please share our story! THANK YOU!