Due to additional security measures, we have implemented Multi-Factor Authentication (MFA) on this Support Portal. Please log in using your registered email ID or phone number. In case of any difficulty, kindly reach out to Seqrite Support by emailing us at "support@seqrite.com".

Knowledge Base Articles

Error ERR_SSL_VERSION_OR_CIPHER_MISMATCH seen while accessing EPS web console on latest versions of Google Chrome/Mozilla Firefox/Microsoft Edge Browsers

21-02-2022 11:39:45

Overview:
Due to popular web browsers dropping support for TLS1.0 and TLS1.1 protocol, when you login to EPS console, the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH” appears. This occurs only with EPS Server installed on legacy operating systems (where TLS 1.2 protocol is not enabled/supported).

Applicable Operating System: Microsoft Windows 7 and earlier
Applicable EPS Versions: Seqrite EPS 7.x

Applicable Browser versions:

  • Google Chrome 98.0.4758.102 and above
  • Mozilla Firefox 97.0 and above
  • Microsoft Edge 98.0.1108.50 and above

Description:
When you log in to the EPS console webpage, the following error prompt appears in the browser.


Reason:
This behavior is due to either the browser or operating system not supporting TLS1.2 protocol.

  1. Browser: The latest browser versions allow a minimum TLS protocol version of TLS 1.2.
    TLS 1.0 and TLS 1.1 are no longer supported.
  2. Operating System: TLS1.2 protocol is disabled/unsupported on legacy Operating Systems.
    • TLS 1.2 is disabled by default on Microsoft Windows 7 and 2008 R2
    • TLS 1.2 is unsupported on Microsoft Windows Vista, 2003, and XP

Solution:
Seqrite recommends installing EPS Server on the latest operating system.
Alternatively, you can use the following workarounds:

Workaround 1: Use older web browser versions to access EPS web console.

Workaround 2: Enable TLS 1.2 on Windows 7 and Windows 2008 R2 to access EPS web console on the latest browsers.

To enable TLS 1.2, follows these steps,
1. Right-click Start, then select Run. Type regedit in the Open: box, and then select OK. The Registry Editor window appears.
2. In the Registry Editor window, select the topmost Computer option.
3. To take a backup of the registry, click File > Export. Save the registry file.

Important: In this method, you are editing the registry. This may have detrimental effects on your computer if done incorrectly, so it is strongly recommended to make a backup.

4. In the Registry Editor window, browse to the following registry key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
5. Right-click the Protocols folder. Select New > Key from the drop-down menu.
This creates a new key folder.
6. Rename the new key folder as TLS 1.2.
7. Right-click the TLS 1.2 key folder and add a new key to that folder.
8. Rename the new key as Server.
9. Right-click the Server key. Select New > DWORD (32-bit) Value from the drop-down list.
10. Rename DWORD to DisabledByDefault.
11. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.
12. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click OK.
13. Create another DWORD for the Server key as you did in Step 9.
14. Rename this second DWORD to Enabled.
15. Right-click the name Enabled and select Modify... from the drop-down menu.
16. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click OK.
17. Close the Registry Editor window.
18. Reboot the server.

(For more details, please refer TLS1.2 section on this URL.)