Wednesday, January 11, 2017

Chrome issue : ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Chrome issue: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you get this error while hitting an URL in chrome, it means the recently Updated Chrome version doesn't support SSLv3 protocol.
So if you Use an older version of Chrome or Firefox, you won't get this error. This is Browser's error which occurs only when
there is some problem at client side while establishing private connection to a secure site and this error is related to “SSL Certificate” security.

Solution:
Temporary at client side:
1) Use older version of Chrome or Mozilla, remove recently updated version.
2) Open "chrome://flags" in Chrome URL and search for SSL, then change the drop down option to support SSLv3.

Permanently:
1) Since your application is running in an Application Server (Web Server). Make the "sslProtocols" change and CIPHERs change. 
   The below change is for JBOSS server (open JBOSS/server/YOUR_MODULE/deploy/jboss-web-deployer/server.xml) and modify below changes as:
   
  <Connector port="6443" address="${jboss.bind.address}" SSLEnabled="true"  
         maxThreads="250" maxHttpHeaderSize="8192"
         emptySessionPath="false" protocol="HTTP/1.1" scheme="https" secure="true"
         enableLookups="false"  acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true" server=" "
         clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/servercerts" keystorePass="*******" 
         sslProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
         TLS_RSA_WITH_AES_128_CBC_SHA256,
         TLS_RSA_WITH_AES_128_CBC_SHA,
         TLS_RSA_WITH_AES_256_CBC_SHA256,
         TLS_RSA_WITH_AES_256_CBC_SHA,
         SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" />

    Save the file and restart the Application Server. Issue will be resolved.