SSL Issues - "SSL Version or cipher mismatch"

Hello community. I am sure this has been asked a million times, and I am unsure of exactly what information is needed here so I will do my best to keep it short and simple and answer any questions as they are asked.

This issue started about 3 months ago, when a competitor to my site decided to mass report me as “fraud and phishing” to every blacklist known to mankind. Some reports stuck, others did not, but it was enough. I have spent 2.5 months fixing this after finding out, and this is the last issue I can’t seem to figure out.

Domain: https://sammichscripts.com

Random users will state that they get the dreaded error:
"This site can’t provide a secure connection, Sammichscripts.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

Few things to know:

  1. Website is using a Let's Encrypt certificate, with Full - Strict on the CF side. The universal CF cert has also been verified, marked as active, and registers properly.
  2. The site has, as far as I can tell, everything properly set up for SSL, from certs, to preloading, to HSTS, to automatic rewrites for HTTPS, you name it.
  3. SSLShopper has the full SSL chain proper, SSLLabs rates everything A+, Cloudflare Diagnostics only states DS record is missing, and we don’t use DNSSEC so I am not sure that matters.
  4. I have tried everything I can find to resolve this, including completely removing all certs from CF, Let's Encrypt, and all SSL rules from my site… Re-issuing everything, waiting 7 days, full propagation completes and still no luck.

I am a bit at a loss… The only thing that seems to fix it for the clients having issues… is to change their DNS to public ones like Google's 8.8.8.8 or CF 1.1.1.1. Then magically the mismatch just… goes away.

What can I provide, and do to help troubleshoot this?

Thanks to everyone who takes the time to respond. It is greatly appreciated.

May I ask, if you already haven’t checked, but maybe below articles could help?

Hey Fitexvz, Thanks for the reply first and foremost!

I have read those, but just for sanity's sake I re-checked everything they provided. As far as I can see, it seems to me that all is good!

  1. All portions under DNS are proxied, and disabling temporarily to bypass CF doesn’t seem to help with users having issues. (Will have to test further)
  2. Dnschecker.org shows both Cloudflare IP addresses, as well as full propagation across every network. The users having this issue are also seeing the Cloudflare cert when loading the site.
  3. I have not reset the universal SSL from ground zero, but I did reset my local SSL certs, and other things. (Will reset the universal now, perhaps after blacklisting the SSL cert is “flagged”?) As well, the certs have provisioned properly.
  4. There is no mixed content warning, the site has an auto-upgrade function to force HTTPS across all resources, and force upgrade is turned on for CF as well.

Hopefully there are more ideas! I will happily try them all!



NSLookup
SSL on site
A record


Post the ticket number for @cloonan.


Hey sir! My apologies again on the ping! Didn’t mean to offend anyone! Hope everyone can forgive me haha :slight_smile:

The ticket number is: #2176133 ( For @cloonan )

Hi there,

Apologies for the inconvenience you had to face.

However on trying to load your site, it seems to load perfectly currently. I tried to load your site through two devices and it loaded fine without any issues:

Can you confirm if the issue still persists?

Kind regards,

Riddhi {redacted}

Hello @riddhi ! I do not mind the wait, and appreciate any support at all! I have attempted to gather information from a few customers but haven’t had much luck sadly. I do know that it seems to be a select few folks having the issue, and I can’t seem to pinpoint WHAT is causing it. Or even find really good notes as to WHY the error can occur. Because the people having the issues are geographically separated, all different ISP companies, and almost all had up to date browsers/OS/Cleared SSL with no luck.

I did go through and pretty much from scratch redo my SSL on the site. Everything from bypassing Cloudflare, to wiping all SSL/HTTPS rules, etc. from WordPress. Then I reinstated everything, and waited for all email/SSL/HTTPS DNS-related things to propagate through DNS.

The previous Web Dev sadly had a bunch of things set up in… ways that didn’t quite make sense. So I am even unsure if all of the DNS-related settings in Cloudflare are needed. (Example being… he had 4 separate Google verification TXT-related DNS settings because he couldn’t remember account details. :upside_down_face: )
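
A way to check the resolver-dependent behaviour described in the opening post, added here as an example that is not part of the original thread: it classifies the A records that different resolvers return for the hostname, as collected with `dig +short A <hostname> @<resolver>` on affected and unaffected clients, by whether they fall inside Cloudflare's published IPv4 ranges. The sample answers and resolver labels are constructed, and the range list should be re-checked against https://www.cloudflare.com/ips-v4 before use.

```python
import ipaddress

# Cloudflare's published IPv4 edge ranges (https://www.cloudflare.com/ips-v4).
# The list can change, so re-check it before relying on a verdict.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def parse_dig_short(output):
    """Return the IPv4 addresses in `dig +short A <name>` output."""
    addrs = []
    for line in output.splitlines():
        try:
            addrs.append(ipaddress.IPv4Address(line.strip()))
        except ValueError:
            continue  # CNAME target, blank line, or resolver error text
    return addrs

def is_cloudflare(addr):
    """True if the address lies inside one of the listed Cloudflare ranges."""
    return any(addr in net for net in CLOUDFLARE_V4)

def classify(answers):
    """Map resolver label -> verdict for the A records that resolver returned."""
    report = {}
    for resolver, output in answers.items():
        addrs = parse_dig_short(output)
        if not addrs:
            report[resolver] = "no-answer"
        elif all(is_cloudflare(a) for a in addrs):
            report[resolver] = "cloudflare-edge"
        else:
            # At least one record points somewhere other than Cloudflare's edge.
            report[resolver] = "off-cloudflare"
    return report

# Constructed sample data: not captured from the real domain or any real ISP.
SAMPLE = {
    "8.8.8.8": "104.21.10.20\n172.67.130.40\n",
    "1.1.1.1": "172.67.130.40\n104.21.10.20\n",
    "isp-resolver-a (hypothetical)": "203.0.113.10\n",
    "isp-resolver-b (hypothetical)": ";; connection timed out; no servers could be reached\n",
}

if __name__ == "__main__":
    for resolver, verdict in classify(SAMPLE).items():
        print(f"{resolver:32} {verdict}")
```

A resolver reported as `off-cloudflare` or `no-answer` while the public resolvers report `cloudflare-edge` narrows the problem to what that resolver hands out, which is worth attaching to the support ticket alongside the affected client's resolver address.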