ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Wow, it’s being very stubborn! Everything looks good to me, so I don’t know why my browser doesn’t like the certificate presented by Cloudflare. You should contact support: Login & go to https://dash.cloudflare.com/?account=support

1 Like

in any case I thank you all for trying to help me thank you I hope the staff can solve my problem

1 Like

I’ve send mail on @staff @staff2 @staff1 help me plaise
Thanks

If you opened a Support Ticket, please post the ticket number here.

My request ticket is(#1551105)

1 Like

@markmeyer is pretty smart. Maybe he can figure out why SSL for https://everymusic.net is broken.

Well to be honest. It’s like fishing in the dark.
I am following this thread and it drives me nuts :joy:

First:

requests via http://ftp.everymusic.net are not redirected. I can acces the page via HTTP even though “Alway redirect to HTTPs” is active. Or isn’t it? IDK. There are two screenshots showing different settings.

> [email protected]:~$ curl -I http://ftp.everymusic.net
> HTTP/1.1 200 OK

Then… wrong version number?

> [email protected]:~$ openssl s_client -servername www.everymusic.net -tlsextdebug -tls1_2 -connect www.everymusic.net:443
> CONNECTED(00000003)
> 139736956769952:error:1408F10B:SSL routines:SSL3_GET_RECORD:**wrong version number**:s3_pkt.c:340:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5 bytes and written 7 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1531776533
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
> ---

And:

[email protected]:~$ openssl s_client -servername www.everymusic.net -tlsextdebug -tls1 -connect www.everymusic.net:443
CONNECTED(00000003)
140104846386848:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1278:SSL alert number 40
140104846386848:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:599:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1531777670
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

From my point of view something is messed up here. I’d try the crowbar at this point:
Deactivate Universal SSL and re-enable it after 24 or 48 hours. To make the site accessible I’d set the records to :grey: until the cert has been re-issued.

They’ve done the off/on thing and it didn’t issue a valid certificate. I just don’t know why Cloudflare says there’s a certificate, but it’s messed up. I was hoping someone from Cloudflare would jump in. Maybe @Ryan is around today.

1 Like

I checked and I can see that the certificate for your site has been deployed properly.

$ date; curl -vIs4 https://everymusic.net/ 2>&1 | egrep -i “(connected|* ssl|issuer|subject)”
Tue Jul 17 12:27:07 +08 2018

  • Connected to everymusic.net (104.18.62.188) port 443 (#0)
  • SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
  • subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=sni246615.Cloudflaressl.com
  • subjectAltName: host “everymusic.net” matched cert’s “everymusic.net
  • issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
  • SSL certificate verify ok.
    This should resolve issues with accessing your site on HTTPS.
    If you still seeing issues, please clear your browser’s cache (or try Incognito/Private Browsing Mode).
    Here’s what I see from my Chrome:

I will go ahead and mark this ticket as solved but please do let us know if there is anything else Cloudflare technical support can do to help.

Best regards,

Andronicus

hi
good for the moment I do not settle, I’m waiting tomorrow to put it.

I did not really understand what happened, and how that can be solved. I would have liked to know and understand.

thank you in advance

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
the problem is still present, I had to disable the certificate this morning and it worked a few hours.
now I have the error again

thank you in advance

Did you try other settings like “Full” (not strict)?

Did I get that right: You disabled Universal SSL and re-enable it? Or did the error occur again while Universal SSL was disabled? (shouldn’t).

If you just disabled an re-enabled universal SSL, and the error occurred again after a few hours, open a support ticket. This is really weird.

yes I disabled the ssl Universal on Cloudflare and got the error again.

Without re-enabling? :thinking:

Can you :grey: both A records, for your root and www and let us know once you did?

This can never work (this cache Cloudflare) because it will never point to my domain server by what I could see is that it is the tsl version of the ssl which is in 1, 2
I testing version certificat

1 Like

ERR_SSL_VERSION_OR_CIPHER_MISMATCH is not a Cloudflare problem. This is a FireFox problem. You will only see this error in FireFox while Chrome and Safari will show valid https.

There are ways to ‘fix’ it for yourself but visitors to your website who use FireFox will see the same error so the only real solution is for your web host to turn off stapling for your domain.

https://medium.com/@sslsecurity/how-to-fix-err-ssl-version-or-cipher-mismatch-error-5447c30ac78a

https://support.mozilla.org/en-US/questions/1148198

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.