Share your inquiry details here
Apologies I thought these replies to support were also posting tot he Community.
A week ago on 6/3/2021 I moved 4 sites to Cloudflare NS as I had done with a handful of other sites.
This time all 4 returned an error for SSL Cipher Mismatch. Here is an example of the error message in Google Chrome (Version 91.0.4472.77 (Official Build) (64-bit)).
Unable to resolve this, after attempting to contact support at Cloudflare, I talked to my hosting company and the could only offer that I should move the NS back to their servers . By this time the 4 sites had been down for some hours, so I did that and after another hour propagation occurred and all 4 were up but without CDN.
I started getting questions and responses from support. But I am unfamiliar with the nuances of this so was unable to find a solution other than noticing that on the working sites vs the not working site (observed while one of them was still on CF’s NS) that if I Inspected the sites using the dev tools in Google Chrome, on the security tab that:
The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_256_GCM. (working site)
The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.
So the only difference I see is the AES_128 vs the AES_256.
Last night 6/9/2021 after being prompted by Cloudflare support I moved another site back to CF Name Servers. It went down and I got the same error message. Later in the evening I checked it, and the site was up and I had an email from support that it is “resolved.” But I do not know how or what fixed the issue. When I go back into chrome I see that the certificate info is the same as the working sites I observed before. Also all of these that it references as TLS 1.3 even though the Edge Cert has them all at the default of TLS 1.0? The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.
Surely there is a better method than just rolling the dice, moving these sites, and seeing if they fail or not?