vSphere

 View Only
Expand all | Collapse all

Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

  • 1.  Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 04:26 AM

    Hi there,

    I am running into the POODLE Chrome issue when accessing my https://localhost:9443/vsphere-client

    My Virgo server is up and running. But when I try to launch on Chrome, I get this error:

    A secure connection cannot be established because this site uses an unsupported protocol.

    Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Can you please suggest a resolution to this issue.

    Thanks,

    Aparna



  • 2.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 04:31 AM

    Please always add version information to your questions, I cannot guess what you are using (Web Client, Chrome, etc.)...

    Also err_ssl_version_or_cipher_mismatch doesn't mean it's the poodle problem.



  • 3.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 04:23 PM

    vCenter Server -  is on version 5.5 - 2d.

    Development SDK and serinity-client  - on my local system is also on 5.5.2 - build number 2026576.

    Chrome browser version -  is 41.

    Thanks!



  • 4.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 04:49 PM

    We have seen this error with the latest Chrome version with SDK 5.5.x, it must be a side effect of some internal change they made.  It only happens for localhost, i.e. a dev setup.

    The work-arounds I know of are:

    - Use an older Chrome version just for your local plugin development.

    - Use Firefox

    - Use SDK 6.0 where this problem doesn't exist.

    We don't have a solution for the latest Chrome and SDK 5.5.x but if someone has found one please share it here.

    I assume it has to do with an invalid certificate.



  • 5.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 04:54 PM

    Thanks will try them out.

    Quick question on SDK 6.0 - which vcenters will this be compatible with? Do we have to upgrade and install everything to 6.0. I am not clear on that, can you please explain.

    Thanks!



  • 6.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 05:11 PM

    As always the Web Client and its SDK is compatible with the current release and the previous one, so SDK 6.0 is compatible with vCenter 6.0 and 5.5.

    To use Web Client 6.0 you don't need to install or upgrade to vCenter 6.0 but you need the new 6.0 service controller.

    See this doc "Mixed-Version Transitional Environments in vCenter Server for Windows Upgrades": vSphere 6.0 Documentation Center



  • 7.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 05:12 PM

    Will you be providing a patch for 5.5 SDK to work with Chrome? We are committed to release our product for 5.5 SDK only, and this would be a blocker. Please let us know the plan on fixing this issue.

    Thanks.



  • 8.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 05:17 PM

    You didn't read my reply correctly.  This is only a problem with localhost, i.e. on developer machines.  So there is no patch to provide for regular users.



  • 9.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 05:32 PM

    Perfect - that is a relief. It won't be a production issue.

    But please do let us know for development set up as well. We will need to develop and test against Chrome.

    Thanks!



  • 10.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 05:44 PM

    You can still develop and test against Chrome version 40 locally.  You can test against Chrome 41+ if you deploy your plugin on separate machine, i.e. don't use localhost.



  • 11.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 07:52 PM

    Chrome does an automatic upgrade and I didn't find any easy way to downgrade or ask chrome to use an older version.

    Still that doesn't solve the problem unless vmware comes up with a patch.



  • 12.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Mar 13, 2015 08:30 PM

    Don't expect a patch from us, nobody is looking actively at this issue.  It is a minor problem for plugin developers on Mac since there are easy work-arounds as I explained.



  • 13.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Mar 13, 2015 08:40 PM

    Ok.. But I am windows not mac. FYI.



  • 14.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Apr 10, 2015 03:59 PM

    Laurent, I see this error in fire fox too.

    Secure Connection Failed

    An error occurred during a connection to localhost:9443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

        The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

        Please contact the website owners to inform them of this problem.

    Please.... Chrome and Firefox don't work!!!! I need help. How can we develop! I have a release, and my development is completely halted!

    It is just not localhost, I can't even use the system's ip to go. Please WE NEED A PATCH!



  • 15.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Apr 10, 2015 04:20 PM

    You need to go back to an older version of Firefox or Chrome for localhost development.  There is no known problem with 5.5 and regular Web Client setups (i.e. non localhost)



  • 16.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted Apr 30, 2015 09:09 PM

    The Answer is Here

    http://community.spiceworks.com/topic/762701-error-code-err_ssl_version_or_cipher_mismatch

    (Have Put Link to give Credit where credit is due)

    *POST FROM SPICEWORKS*

    acasurfacamaster Feb 11, 2015 at 9:52 AM

    1ST POST

    For Chrome v40: Open chrome://flags Look for "Minimum SSL/TLS version supported." Choose SSLv3 Click on "Relaunch now" button Open your https page again You will be redirected to a "Your connection is not private" page. If you do not worry about this security issue click on the "Advanced" link. Finally click on "Proceed to (unsafe)". Solved.

    I am Using Chrome v42, and this still works

    The Google is not strong in you - this took me 3 mins to find the answer - and then another 15 mins to do the right thing and register and post here - as it seemed you guys were getting nowhere.

    Good Luck and Enjoy



  • 17.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Posted May 19, 2015 12:38 AM

    I was facing the same issue. I created a new keystore file for tomcat(virgo) and that fixed the issue.



  • 18.  RE: Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome Browser

    Broadcom Employee
    Posted Jun 26, 2015 03:59 PM

    This is the correct way to do it. The certificate must be replaced because DSA certificates are no longer supported.


    Please, don't use the workarounds further above (e.g. tampering with the "Minimum SSL/TLS version supported" flag in Chrome) because they don't really solve the problem and they will stop working in the future when such workarounds get disabled in the browsers.


    So, to create a Virgo server certificate similar to the original one, but using an RSA algorithm, do this:


    keytool -genkey -alias s2dmk -dname "CN=SpringSource dm Kernel, OU=dm Server Team, O=SpringSource" -keyalg RSA -keystore keystore -keypass changeit -storepass changeit


    Then replace file [VIRGO_ROOT]/configuration/keystore with the file you generated above. If you wish, you may back up the original 'keystore' file before overwriting it with the new one.


    If necessary, you can also modify the HTTPS connector in file [VIRGO_ROOT]/configuration/tomcat-server.xml. Replace attribute:


    sslProtocol="TLS"


    with


    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"


    Also, replace the 'ciphers' attribute with:


    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA"