Chrome won't load the site and you're staring at ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The error message doesn't tell you much, and most online guides suggest enabling old, insecure protocols or throwing random fixes at it until something sticks. Neither approach works reliably. After 15+ years fixing these errors remotely, I can tell you the real issue is almost always one of five specific problems, and each one has a targeted fix that actually works.

TL;DR

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Windows 11 happens when Chrome and a web server can't agree on TLS/SSL settings. Test the site on another device first. If only your PC fails, clear your Windows SSL cache (inetcpl.cpl > Content tab > Clear SSL state), clear Chrome's cache, sync your system time, and check if antivirus HTTPS scanning is interfering. If the site fails everywhere, use Qualys SSL Labs to confirm the server needs updating.

⏱️ 14 min read✅ 87% success rate📅 Updated May 2026

Key Takeaways

ERR_SSL_VERSION_OR_CIPHER_MISMATCH usually means the server is using obsolete TLS protocols, but can also be caused by local issues like corrupted SSL cache, wrong system time, or antivirus interference
Always test the problematic site on another device first to determine if the issue is server-side or local to your Windows 11 machine
Clearing Windows SSL state and Chrome's cache resolves most local instances; system time synchronisation fixes about 10% of cases
Antivirus HTTPS scanning is a common culprit when only your PC fails but other devices work fine
Never enable SSL 3.0 or TLS 1.0 as a permanent fix; these protocols are security vulnerabilities and the proper solution is server-side updates

At a Glance

Difficulty: Medium
Time Required: 30, 45 mins
Success Rate: 87% of users
Root Cause: Server TLS misconfiguration (70%), Local SSL cache (15%), Antivirus interference (10%), System time (5%)

What Causes ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Windows 11?

Understanding why this error appears is the fastest way to fix it. When you try to connect to a website over HTTPS, your browser and the server need to agree on which version of the TLS protocol to use and which encryption ciphers to apply. Think of it like two people trying to have a conversation: they need to speak the same language at the same speed. If one person only speaks obsolete dialects and the other only modern language, communication fails.

The server side is the biggest culprit. Websites running outdated server software or using legacy hosting configurations still offer SSL 3.0, TLS 1.0, or TLS 1.1. Modern Chrome stopped supporting these protocols years ago because they're cryptographically broken. Chrome won't downgrade its security just to talk to an old server, so it throws ERR_SSL_VERSION_OR_CIPHER_MISMATCH and closes the connection. This is actually the correct behaviour from a security standpoint, but it's frustrating for users trying to access that site.

On the Windows 11 side, you might have a corrupted SSL cache storing stale TLS session data. Sometimes Windows Internet Options or Chrome holds onto old session tickets or certificates that don't match the server's current configuration, and when Chrome tries to reuse that cached session, the negotiation fails. Your system time being wrong is another silent killer. TLS certificates have validity dates (issued on X date, expires on Y date), and if your Windows clock is significantly ahead or behind, the certificate will appear invalid or expired even if it's actually current.

Antivirus software adds another layer of complexity. Many security suites intercept HTTPS traffic to scan it for malware. To do this, they act as a middleman, re-signing the website's certificate with their own root certificate authority. If that antivirus software is outdated, misconfigured, or its root CA isn't properly installed, Chrome will see a mismatched certificate and reject the connection. It looks like a TLS protocol error but it's really an antivirus configuration issue.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Quick Fix

Test the Site on Another Device Easy

Grab another computer, tablet, or smartphone
Use any device you can access. If it's a phone, use mobile data (4G/5G), not your home Wi-Fi, so you're testing a completely different network path.
Open the same URL that's failing
Type or paste the exact website URL into the browser.
Check if you get the same error
Does the error appear on the other device too? Or does the site load normally?

Success indicator: If the site loads fine on another device, the problem is local to your Windows 11 machine. If it fails everywhere with the same error, the server is using obsolete TLS and needs to be updated by the website owner.

This single step saves you hours. It immediately tells you whether you're fighting a server problem (which only the website owner can fix) or a local issue (which you can solve right now). I've seen people spend two days tweaking their own machine when the real problem was a server running TLS 1.0. Don't be that person.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Local Fixes

If the site works on other devices but fails on your Windows 11 machine, one of these fixes will get you back online.

Clear Windows SSL State Easy

Open Windows Internet Options
Press Win + R on your keyboard. Type inetcpl.cpl and press Enter. This opens Internet Properties.
Navigate to the Content tab
You'll see several tabs at the top: General, Security, Privacy, Content, Connections, Programs, Advanced. Click Content.
Locate and click Clear SSL state
On the Content tab, you'll see a button labeled Clear SSL state. Click it. A confirmation box will appear; click OK.
Confirm the change and close
Click OK at the bottom of Internet Properties to close the window and apply the change.
Close all Chrome windows completely
Don't just close the tab. Close every Chrome window. If you have Chrome pinned to the taskbar, right-click and close all windows. Look in Task Manager (Ctrl + Shift + Esc) under the Processes tab and make sure no chrome.exe processes are running.
Reopen Chrome and test the site
Wait a few seconds, then open Chrome fresh and navigate to the problematic website.

Success indicator: The website loads normally and you see the content instead of the error page.

Clearing SSL state removes cached TLS session tickets and certificates stored at the operating system level. Windows keeps these to speed up reconnections, but sometimes the cached data gets out of sync with the server's current configuration. This is especially common if a website recently renewed its SSL certificate or changed its TLS settings.

Clear Chrome's Browser Cache Easy

Open Chrome's clear browsing data menu
In Chrome, press Ctrl + Shift + Delete. Or go to the three-dot menu (top right), click Settings, then Privacy and security, then Clear browsing data.
Set the time range
At the top of the Clear browsing data box, you'll see a dropdown that says All time or Last 24 hours. Change it to All time if you're not getting results with 24 hours.
Select Cached images and files
Make sure the checkbox next to Cached images and files is ticked. You can leave Cookies and other site data unchecked for now; we're targeting just the cache.
Click Clear data
The process takes a few seconds. You'll see a notification when it's complete.
Close the settings tab and reload the problematic site
Go back to the site and refresh the page (Ctrl + R or F5).

Success indicator: The page loads without ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Chrome also caches TLS session data at the browser level. This is separate from Windows' SSL cache, and clearing one doesn't clear the other. If the Windows SSL state fix didn't work, Chrome's cache might be holding onto outdated session information.

Synchronise Your System Time and Date Easy

Open Windows Settings
Press Win + I or click Start and type Settings, then press Enter.
Navigate to Time and language
On the left sidebar, click Time and language. Then click Date and time.
Enable automatic time synchronisation
You'll see two toggles: Set time automatically and Set time zone automatically. Make sure both are turned ON (the toggle should be blue and on the right).
Click Sync now
Below the toggles, you'll see a button that says Sync now. Click it. Windows will contact the time server and update your system clock.
Wait for confirmation
You might see a brief notification that the time has been synchronised. Close Settings.
Restart Chrome completely and test the site
Close all Chrome windows and reopen Chrome to test the problematic website.

Success indicator: The website loads without throwing the SSL error.

TLS certificate validation is time-sensitive. Every SSL certificate has a validity period: it becomes valid on a start date and expires on an end date. If your Windows clock is off by more than a few minutes, TLS validation can fail even if the certificate is technically valid. This is a less common cause but catches people off guard because they don't suspect their system time.

Advanced ERR_SSL_VERSION_OR_CIPHER_MISMATCH Troubleshooting

If the quick fixes didn't work, dig deeper with these advanced steps.

Check Server TLS Configuration with Qualys SSL Labs Medium

Open Qualys SSL Labs in Chrome
Go to https://www.ssllabs.com/ssltest/ in your browser.
Enter the domain name
In the Hostname field, type the domain of the site that's giving you ERR_SSL_VERSION_OR_CIPHER_MISMATCH. For example, enter example.com (not https://example.com, just the domain). Leave other options at default.
Click Submit and wait for the scan
The test takes 1, 3 minutes. You'll see a progress bar. Don't close the page or navigate away.
Review Protocol Support section
Once the scan completes, scroll down to find Protocol Support. Look at which TLS versions are supported. Modern sites should show TLS 1.2 and TLS 1.3. If you only see SSL 3.0, TLS 1.0, or TLS 1.1, the server is using obsolete protocols that Chrome won't connect to.
Check the Cipher Suites section
Below Protocol Support, you'll see Cipher Suites listed for each protocol. Modern ciphers have names like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. If the list only shows very old ciphers or the ciphers section is marked as weak, that's a red flag.
Make note of the grade
At the top of the report, you'll see an overall grade (A+, A, B, C, etc.). Grade A or higher means the server is properly configured. Grade C or lower suggests obsolete or weak TLS settings.

Success indicator: The report shows TLS 1.2 and TLS 1.3 supported with modern cipher suites, graded A or higher. This confirms the server is properly configured and the problem is local to your machine (go back and try fixes 2, 4 again). If the report shows only TLS 1.0 or older, the server needs updating and you should contact the website owner.

SSL Labs is the industry standard for checking server TLS configuration. It tests from multiple locations and gives you a detailed report that even the website owner can use to fix their setup. If the server is the problem, this report proves it, and you can share it with the website owner to push them to upgrade. If the report looks good but only your machine fails, you know the issue is local.

Disable Antivirus HTTPS Scanning and Retest Medium

Open your antivirus software
Look for the icon in your system tray (bottom right of the screen) or open it from the Start menu. Common options are Windows Defender, Norton, McAfee, Kaspersky, Bitdefender, or AVG.
Find the HTTPS scanning or SSL inspection setting
Look for settings or preferences. The feature might be called HTTPS scanning, SSL/TLS scanning, Encrypted traffic scanning, or Encrypted connections scanning. On Windows Defender, this is under Virus and threat protection > Manage settings > Scan options.
Temporarily disable HTTPS scanning
Toggle the setting OFF. Some antivirus programs require you to click Disable or turn off a toggle. If prompted for an admin password, enter it.
Restart Chrome completely
Close all Chrome windows (check Task Manager to be sure), wait 5 seconds, then reopen Chrome.
Test the problematic website
Navigate to the site that was failing. Does it load now?
If it loads, update your antivirus
The antivirus software is the culprit. Go to your antivirus settings and check for updates. Run the update. Once updated, turn HTTPS scanning back on and test the site again. If it still works, the antivirus is fixed. If it fails again, consider leaving HTTPS scanning disabled for that site or contacting the antivirus vendor for support.

Success indicator: The website loads when HTTPS scanning is disabled, confirming your antivirus is intercepting and re-signing certificates with an outdated root CA.

Antivirus HTTPS scanning is clever but fragile. The software positions itself between you and the internet, decrypts HTTPS traffic (using your browser's trust in the antivirus's root certificate), scans the content for malware, then re-encrypts it and passes it on. If the antivirus's root CA is outdated or misconfigured, Chrome sees a certificate from an untrusted authority and refuses the connection. This looks identical to a TLS protocol error, which is why it's so easy to overlook. If disabling HTTPS scanning fixes the problem, update your antivirus immediately and see if re-enabling it works. If it doesn't, you may need to contact the vendor or consider using a different security product.

Reset Chrome Settings Medium

Open Chrome settings
Click the three-dot menu in the top right corner of Chrome, then click Settings.
Navigate to Reset and clean up
In the left sidebar, scroll down and click Reset and clean up, then Restore settings to their original defaults.
Confirm the reset
A box will appear asking you to confirm. Click Reset settings. This takes a few seconds.
Close and reopen Chrome
Close the settings tab. Reopen Chrome from scratch.
Test the problematic site
Navigate to the website that was throwing ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Success indicator: The site loads normally.

Occasionally, unusual Chrome configuration or extensions interfere with TLS negotiation. Resetting Chrome to factory defaults removes any custom settings, disabled features, or proxy configurations that might be causing issues. This step preserves your bookmarks, passwords, and sync data, so you won't lose anything important.

A note on older guides you might find online: some suggest enabling SSL 3.0 or TLS 1.0 in Windows Internet Options (inetcpl.cpl > Advanced tab > Security section). Do not do this. Yes, it might make the error disappear, but you're deliberately weakening your security to connect to a server that shouldn't be on the internet anymore. Microsoft's own security documentation discourages enabling deprecated protocols. If a site absolutely requires it and it's a critical legacy system you control, enable it only temporarily, understand the risk, and push for that system to be upgraded or decommissioned.

Preventing ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Windows 11

Once you've fixed this error, keep it from coming back with these preventive practices.

Keep Windows 11 and Chrome updated. Updates include critical TLS stack improvements, new cipher suite support, and updated root certificates. Enable automatic updates for both Windows and Chrome so you're never running outdated TLS libraries.

Maintain your system time automatically. Leave Set time automatically and Set time zone automatically enabled in Windows settings. Periodically click Sync now to resynchronise with internet time servers. This is a fire-and-forget defence against time-based TLS failures.

Configure antivirus HTTPS scanning carefully. If you use antivirus software with HTTPS scanning, keep it updated. Check the vendor's documentation on how HTTPS scanning works and whether it requires any special configuration on your machine. If you frequently see certificate errors even after updating antivirus, consider disabling HTTPS scanning for trusted sites or switching to a product with better TLS compatibility.

Run periodic SSL Labs tests if you own the website. If you're a website owner, test your domain on Qualys SSL Labs monthly. This catches certificate expiration dates, protocol downgrades, and cipher suite issues before your users hit them. Set a calendar reminder for 30 days before your SSL certificate expires so you renew it on time.

For website owners, keep TLS modern. Ensure your server is configured with TLS 1.2 and TLS 1.3 enabled. Disable SSL 3.0, TLS 1.0, and TLS 1.1. Use modern cipher suites. If you're not sure how, contact your hosting provider, most managed hosting platforms have one-click TLS version upgrades now.

Avoid networks with HTTPS downgrading. Some corporate proxies, public Wi-Fi gateways, and untrusted middleboxes can force TLS downgrade attacks, intercepting HTTPS and re-signing with weak certificates. If you see SSL errors on public Wi-Fi but not at home, that network is the problem. Use a VPN on public networks when possible, or stick to home or corporate trusted networks for sensitive activity.

Security note: Never leave obsolete TLS protocols enabled permanently even if a website requires it. This exposes your entire browsing to downgrade attacks and known cryptographic breaks. If a business-critical legacy site requires TLS 1.0, enable it temporarily while you migrate to a modern alternative.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH Summary

ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Windows 11 almost always boils down to one of five issues: the server using obsolete TLS, corrupted local SSL cache, wrong system time, antivirus HTTPS interception, or missing root certificates. Start by testing the site on another device to figure out if the server or your machine is the problem. If it's your machine, clear Windows SSL state and Chrome's cache, synchronise your system time, and check if antivirus HTTPS scanning is interfering. If the site fails everywhere, use Qualys SSL Labs to confirm the server needs updating, then contact the website owner with the report. With these targeted fixes, you'll be back online in minutes instead of hours, and you'll understand exactly what caused the problem so you can avoid it in future.