Error ERR_SSL_VERSION_OR_CIPHER_MISMATCH seen while accessing EPS console webpage
Modified on: Fri, 11 Mar, 2022 at 10:30 AM
Overview: Due to popular web browsers dropping support for TLS1.0 and TLS1.1 protocol, when you login to EPS console, error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH” appears. This occurs only with EPS Server installed on legacy operating systems (where TLS 1.2 protocol is not enabled/supported).
Applicable Operating System: Microsoft Windows 7 and earlier Applicable EPS Versions: Thirtyseven4 EPS 7.x
Applicable Browser versions:
Google Chrome 98.0.4758.102 and above
Mozilla Firefox 97.0 and above
Microsoft Edge 98.0.1108.50 and above
Description: When you log in to the EPS console webpage, the following error prompt appears in the browser.
Reason: This behavior is due to either the browser or operating system not supporting TLS1.2 protocol.
Browser: The latest browser versions allows a minimum TLS protocol version of TLS 1.2. TLS 1.0 and TLS 1.1 are no longer supported.
Operating System: TLS1.2 protocol is disabled/unsupported on legacy Operating Systems.
TLS 1.2 is disabled by default on Microsoft Windows 7 and 2008 R2
TLS 1.2 is unsupported on Microsoft Windows Vista, 2003 and XP
Solution: Thirtyseven4 recommends installing EPS Server on the latest operating system. Alternatively, you can use the following workarounds:
Workaround 1: Use older web browser versions to access EPS web console.
Workaround 2: Enable TLS 1.2 on Windows 7 and Windows 2008 R2 to access EPS web console on latest browsers.
To enable TLS 1.2, follows these steps, 1. Right-click Start, then select Run. Type regedit in the Open: box, and then select OK. The Registry Editor window appears. 2. In the Registry Editor window, select topmost Computer option. 3. To take backup of the registry, click File > Export. Save the registry file.
Important: In this method, you are editing the registry. This may have detrimental effects on your computer if done incorrectly, so it is strongly recommended to make a backup.
4. In the Registry Editor window, browse to the following registry key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols 5. Right click the Protocols folder. Select New > Key from the drop-down menu. This creates a new key folder. 6. Rename the new key folder as TLS 1.2. 7. Right click the TLS 1.2 key folder and add a new key in that folder. 8. Rename the new key as Server. 9. Right click the Server key. Select New > DWORD (32-bit) Value from the drop-down list. 10. Rename DWORD to DisabledByDefault. 11. Right-click the name DisabledByDefault and select Modify... from the drop-down menu. 12. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click OK. 13. Create another DWORD for the Server key as you did in Step 9. 14. Rename this second DWORD to Enabled. 15. Right-click the name Enabled and select Modify... from the drop-down menu. 16. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click OK. 17. Close Registry Editor window. 18. Reboot the server.