ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Product Discussion Peplink Balance
,
1

Please help, I changed the login settings for admin access to HTTPS on the LAN/WAN. Everything worked fine when set to HTTP only. I get the following error on Edge and Chrome.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
Unsupported protocol
The client and server don’t support a common SSL protocol version or cipher suite.

2

Also, I meant to mention that I cannon get GUI access anymore whatsoever. Please help.

3

What ciper / tls version is the Peplink offering - any further details in that error?

What model / firmware of Peplink and what version of Edge / Chrome?

I wonder if the Peplink is for some reason only offering TLS1.0 / 1.1 which are long deprecated and removed from modern web browsers.

Can you also check you are hitting the Peplink IP with HTTPS specifically and on the correct port? Maybe try in a private browsing window incase there is some odd caching happening too - the “unsupported protocol” bit of this would suggest you are perhaps trying http:// rather than forcing https://

Do you have the Peplink registered on InControl2 - if so perhaps try getting in via the WebGUI proxy there?

4

That’s just your browser warning you that you have not trusted the default SSL cert that ships with the device. I recently went through and generated my own SSL certs, set up DHCP entries for my Peplink products, and trusted my new cert in Chrome and Edge. Here’s the steps I saved to repeat this process again in the future:

  1. Install the most recent Windows version of OpenSSL on your machine and ensure the binary is in your path, or reference the exe by the full path.
  2. Open Command Prompt and run the following:
"c:\Program Files\OpenSSL-Win64\bin\openssl.exe" req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout peplink.key -out peplink.crt -subj "/CN=yourdomain.com" -addext "subjectAltName=DNS:balanceone.yourdomain.com,DNS:balancelte.yourdomain.com,IP:10.0.0.1,IP:10.0.1.1"
  1. Where youdomain.com is, replace with whatever local domain you want to use and will enter local DNS records for. Also, update the IPs to match your local devices.
  2. Import peplink.crt to Chrome Cert Store: chrome://settings/security?search=certificate
  3. Cert must be imported into the “Trusted Root Certificate Authorities” tab.
  4. Open Peplink router config, goto Network > Misc Settings > Certificate Manager > Web Admin SSL.
  5. Click Edit (pencil) button.
  6. Upload contents of peplink.key into “Private Key”
  7. Upload contents of peplink.crt into “Local Public Key Certificate”
  8. Save and Apply settings button.
  9. Add local DNS entries to match “balanceone.yourdomain.com” or whatever you’re using.
  10. Restart all instances of Chrome/your browser.

Now the SSL warnings will finally go away and things will work as expected, vs having to click a few extra things to bypass the cert warnings in the browser.

5

what device
what firmware version

8

The mismatch between TLS versions or cipher suites, the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error can occur due to “n” a number of other reasons which are as follows:-

  1. Outdated browser or operating system
  2. Use of old TLS versions, significantly older than TLS 1.2.
  3. Web servers employ the outdated RC4 cipher suite.
  4. Corrupted SSL state within the browser.
  5. SSL certificate issues like mismatches or incorrect installations, etc

There are many methods to solve the error, you can check the detailed article at:- https://certera.com/kb/how-to-fix-the-err_ssl_version_or_cipher_mismatch-error/.

I hope it helps!