How to fix https error?

Question:ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I’ve had this problem many times

Usually, I try to solve this problem by repeatedly disabling / enabling SSL and adding / removing domain names

Unfortunately, this time, these methods have no effect
This problem has been around for at least six hours
Here’s how I test the problematic subdomains through OpenSSL
At the same time, I tested a normal subdomain name for comparison to illustrate the problem

[email protected]:~$ openssl s_client -servername desktop.remote.yazawanico.moe -tlsextdebug -tls1_2 -connect desktop.remote.yazawanico.moe:443
CONNECTED(00000005)
140297037877696:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 232 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
  Protocol  : TLSv1.2
  Cipher    : 0000
  Session-ID:
  Session-ID-ctx:
  Master-Key:
  PSK identity: None
  PSK identity hint: None
  SRP username: None
  Start Time: 1596462111
  Timeout   : 7200 (sec)
  Verify return code: 0 (ok)
  Extended master secret: no
---
[email protected]:~$ openssl s_client -servername doh.yazawanico.moe -tlsextdebug -tls1_2 -connect doh.yazawanico.moe:443
CONNECTED(00000005)
TLS server extension "server name" (id=0), len=0
TLS server extension "extended master secret" (id=23), len=0
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=2
0000 - 01 00                                             ..
TLS server extension "session ticket" (id=35), len=0
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
 i:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
1 s:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
 i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIExzCCBG2gAwIBAgIQCiAERV+b/XAA5ndpEL1r2jAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjAwODAzMDAwMDAwWhcNMjEwODAz
MTIwMDAwWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xHjAcBgNVBAMT
FXNuaS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BAXqrkv5vJZ1tedvvk0Z/OfrY38JC0tEweoyblcTmaaTYzNAqhWm5GInjJG3SJK7
rwbSJ1XlTNRbDSi2EV35+mCjggMQMIIDDDAfBgNVHSMEGDAWgBSlzjfq67B1DpRn
iLRF+tkkEIeWHzAdBgNVHQ4EFgQUOpRSzEViZY71E19yd0F5Pky/Q+owQgYDVR0R
BDswOYIVc25pLmNsb3VkZmxhcmVzc2wuY29tghAqLnlhemF3YW5pY28ubW9lgg55
YXphd2FuaWNvLm1vZTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2lj
ZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwTAYDVR0g
BEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGln
aWNlcnQuY29tL0NQUzAIBgZngQwBAgIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6
Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQw
DAYDVR0TAQH/BAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1APZclC/RdzAi
FFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABc7RblDwAAAQDAEYwRAIgGdRRX6fs
Z3nthjn3oC+VHUhZ3xEu7ppD9rO1cTrc0f4CIEdJ31BeR6BolnVKUzsEF7WZkWQ6
ELjFMENBDFH4pEiaAHcARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagA
AAFztFuUDwAABAMASDBGAiEAsEzmFNA+JuEo3uZ92b+PDBp7g54VRdA7Q0RRWn3V
W2UCIQCMALwiNN3rzjLBJmRYpnyS6aTxMU8gGxLKgVIZ426yATAKBggqhkjOPQQD
AgNIADBFAiEA4EI+C5iINCk8CVBNdFpeiCFntrnlE7OF2VtRGz2odR0CIDKvTis2
UUKq2DhDqrmQ8qiURyAB4wrx4mYbgBObmnsC
-----END CERTIFICATE-----
subject=/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
issuer=/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2673 bytes and written 306 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
  Protocol  : TLSv1.2
  Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
  Session-ID: FFB996A894849ADACEDF87319942299481EF74A7CE49A066508B526CBAFB54BD
  Session-ID-ctx:
  Master-Key: 538E43470E0DBCAF347629A57BF23F0A0BCC3B3A09164FBCBE86FF3D08D2DA5C060A5C3259BE4D8F9E0A603E266326A2
  PSK identity: None
  PSK identity hint: None
  SRP username: None
  TLS session ticket lifetime hint: 64797 (seconds)
  TLS session ticket:
  0000 - 75 13 12 16 d6 d4 fa a2-fb 6e 8b ed 1f 34 e9 16   u........n...4..
  0010 - b8 eb 54 b4 ca e7 29 4c-a2 be 43 80 8d a1 24 bb   ..T...)L..C...$.
  0020 - ed 13 d3 08 8b f7 08 92-87 03 21 07 2d d8 6d 66   ..........!.-.mf
  0030 - 6b c5 85 1c ed 2f ea 05-65 0b 59 18 8f fd 02 e7   k..../..e.Y.....
  0040 - 5c 28 62 75 da a1 a1 e2-cd f8 9b 3f 1a 3d d0 58   \(bu.......?.=.X
  0050 - b2 ef 93 69 be 63 0b b0-f9 9a 17 8d a1 e1 81 73   ...i.c.........s
  0060 - e4 2e cb ce f1 ef 53 8d-6e 33 66 08 81 47 a6 2e   ......S.n3f..G..
  0070 - e9 90 b3 eb 65 94 5e 49-ee 8c 89 eb f2 de fd 4b   ....e.^I.......K
  0080 - 68 db f6 33 23 cb 5e 94-a8 dc 23 72 4a bf 33 af   h..3#.^...#rJ.3.
  0090 - a9 84 c9 2e 07 d6 ea 98-a4 cd 0f 69 cc 73 90 24   ...........i.s.$
  00a0 - f4 71 5a b8 6f b7 e0 b9-04 de 61 c0 a4 4a 2b 69   .qZ.o.....a..J+i
  00b0 - 7b 68 f8 77 3e 44 68 02-10 4e 63 77 af 09 8f ca   {h.w>Dh..Ncw....

  Start Time: 1596462134
  Timeout   : 7200 (sec)
  Verify return code: 0 (ok)
  Extended master secret: yes
---
closed

Here are some screenshots that might be useful

You’ll need a dedicated certificate

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.