Chrome 41 ERR_SSL_VERSION_OR_CIPHER_MISMATCH Tomcat 7

4

15

Since I have updated Chrome from Version 40 to 41, I can no longer access my SSL site running in a local Tomcat 7 instance. I have a self-signed certificate.

Chrome just prints "This webpage is not available" together with ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

I already tried the chrome://flags switch Minimum SSL/TLS version supported to SSLv3, which did not work.

Eisenstark answered 20/3, 2015 at 8:11 Comment(0)
14

I had the same problem with my Java EE web application running with a self-signed certificate on Wildfly 8.1.

You are probably using a 1024-bit DSA public key with your self-signed certificate and Chrome stops/stopped supporting DSA (DSS).

Creating an RSA 2048 certificate and using it with your web application should solve your problem.

Journalist answered 23/3, 2015 at 10:1 Comment(2)
@NoCatharsis There is no such thing as a "complete response". There'll always be someone who lacks knowledge of a part in the process. It's not helpful to explain the creation of certificates and every other step in its entirety and full granularity at this point for the same reason as it's out of place to describe how to use a console or to copy files. Once you know it's required to create the mentioned certificate, you can research how to do that. – Journalist
Currently in 2023, only Firefox supports secp521r1. Other browsers (Edge/Chrome/Opera) don't support secp521r1, sect, brainpoolP, c2tnb. For maximum compatibility, you can use: rsa, secp384r1, prime256v1. – Subnormal
2

I doubt it's an SSL/TLS protocol version problem. Most of the time this error means the server and client couldn't agree on which cipher to use. Take a look at this blog post: https://blog.eveoh.nl/2014/02/tls-ssl-ciphers-pfs-tomcat/ on how to enable a secure and compatible cipher suite in Tomcat.

Louielouis answered 21/3, 2015 at 22:3 Comment(0)
1

In the Tomcat server.xml file you can set the ciphers attribute in the SSL/TLS <Connector/> element.

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
         TLS_ECDHE_RSA_WITH_RC4_128_SHA,
         TLS_RSA_WITH_AES_128_CBC_SHA256,
         TLS_RSA_WITH_AES_128_CBC_SHA,
         TLS_RSA_WITH_AES_256_CBC_SHA256,
         TLS_RSA_WITH_AES_256_CBC_SHA,
         SSL_RSA_WITH_RC4_128_SHA"

This solved the problem in my case for ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chromium / Chrome and for ssl_error_no_cypher_overlap in Firefox.

Siouxie answered 27/8, 2015 at 15:26 Comment(0)
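The two fixes suggested in this thread (an RSA key instead of DSA, and an explicit ciphers list) meet at one point: a TLS 1.2-or-earlier suite is only usable if its authentication part matches the key type in the keystore and the client also offers it. The following is an added example, not code from any of the answers: the Connector fragment and the client offer are constructed for illustration (the offer is not Chrome's real list), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment; the ciphers value is the one quoted in the answer above.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
           TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
           TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
           TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

# Constructed client offer for illustration (not Chrome's real list): no DSS suites.
CLIENT_OFFER = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
}

# Authentication token in the suite name -> key algorithm the keystore entry must have.
AUTH_TO_KEYALG = {"RSA": "RSA", "DSS": "DSA", "ECDSA": "EC"}

def configured_suites(xml_text):
    """Return the cipher names of the first Connector that sets a ciphers attribute."""
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("ciphers"):
            return [s.strip() for s in conn.get("ciphers").split(",") if s.strip()]
    return []

def describe(suite):
    """Split a TLS <= 1.2 suite name into the properties that matter here."""
    kx, _, bulk = suite.split("_", 1)[1].partition("_WITH_")
    return {"name": "TLS_" + suite.split("_", 1)[1],  # older JSSE names use an SSL_ prefix
            "key_alg": AUTH_TO_KEYALG.get(kx.split("_")[-1]),
            "forward_secrecy": kx.startswith(("ECDHE", "DHE")),
            "rc4": "RC4" in bulk}

def negotiable(server_suites, keystore_key_alg, client_offer):
    """Suites the server can actually pick: right key type and offered by the client."""
    return [d["name"] for d in map(describe, server_suites)
            if d["key_alg"] == keystore_key_alg and d["name"] in client_offer]

if __name__ == "__main__":
    suites = configured_suites(SERVER_XML)
    for key_alg in ("DSA", "RSA"):
        usable = negotiable(suites, key_alg, CLIENT_OFFER)
        print(key_alg, "key:", usable or "no shared suite -> handshake fails")
    print("RC4 (prohibited by RFC 7465):", [s for s in suites if describe(s)["rc4"]])
    print("no forward secrecy:", [s for s in suites if not describe(s)["forward_secrecy"]])
```

With a DSA key in the keystore none of these RSA suites can be selected, so an explicit ciphers list alone does not help until the certificate is reissued with an RSA key.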
0

If you came here from Google and since this is the highest ranking 'ERR_SSL_VERSION_OR_CIPHER_MISMATCH' entry:

another explanation is that you started a Node.js https or express server with invalid or empty credentials. The irritating bit is that the server starts without complaining and SSL seems to work, but the negotiation between browser and server fails with this error.

Fatuitous answered 16/11, 2019 at 11:1 Comment(0)
