Dear Valued Customer, We are upgrading our customer portal to enhance your experience. For Support, please send mail on support@seqrite.com Thank you for your patience and understanding. Best regards, Seqrite

Knowledge Base Articles

Error ERR_SSL_VERSION_OR_CIPHER_MISMATCH seen while accessing EPS web console on latest versions of Google Chrome/Mozilla Firefox/Microsoft Edge Browsers

20-02-2022 18:09:45

Overview:
Due to popular web browsers dropping support for TLS1.0 and TLS1.1 protocol, when you login to EPS console, the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH” appears. This occurs only with EPS Server installed on legacy operating systems (where TLS 1.2 protocol is not enabled/supported).

Applicable Operating System: Microsoft Windows 7 and earlier
Applicable EPS Versions: Seqrite EPS 7.x

Applicable Browser versions:

  • Google Chrome 98.0.4758.102 and above
  • Mozilla Firefox 97.0 and above
  • Microsoft Edge 98.0.1108.50 and above

Description:
When you log in to the EPS console webpage, the following error prompt appears in the browser.


Reason:
This behavior is due to either the browser or operating system not supporting TLS1.2 protocol.

  1. Browser: The latest browser versions allow a minimum TLS protocol version of TLS 1.2.
    TLS 1.0 and TLS 1.1 are no longer supported.
  2. Operating System: TLS1.2 protocol is disabled/unsupported on legacy Operating Systems.
    • TLS 1.2 is disabled by default on Microsoft Windows 7 and 2008 R2
    • TLS 1.2 is unsupported on Microsoft Windows Vista, 2003, and XP

Solution:
Seqrite recommends installing EPS Server on the latest operating system.
Alternatively, you can use the following workarounds:

Workaround 1: Use older web browser versions to access EPS web console.

Workaround 2: Enable TLS 1.2 on Windows 7 and Windows 2008 R2 to access EPS web console on the latest browsers.

To enable TLS 1.2, follows these steps,
1. Right-click Start, then select Run. Type regedit in the Open: box, and then select OK. The Registry Editor window appears.
2. In the Registry Editor window, select the topmost Computer option.
3. To take a backup of the registry, click File > Export. Save the registry file.

Important: In this method, you are editing the registry. This may have detrimental effects on your computer if done incorrectly, so it is strongly recommended to make a backup.

4. In the Registry Editor window, browse to the following registry key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
5. Right-click the Protocols folder. Select New > Key from the drop-down menu.
This creates a new key folder.
6. Rename the new key folder as TLS 1.2.
7. Right-click the TLS 1.2 key folder and add a new key to that folder.
8. Rename the new key as Server.
9. Right-click the Server key. Select New > DWORD (32-bit) Value from the drop-down list.
10. Rename DWORD to DisabledByDefault.
11. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.
12. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click OK.
13. Create another DWORD for the Server key as you did in Step 9.
14. Rename this second DWORD to Enabled.
15. Right-click the name Enabled and select Modify... from the drop-down menu.
16. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click OK.
17. Close the Registry Editor window.
18. Reboot the server.

(For more details, please refer TLS1.2 section on this URL.)