[GH-ISSUE #475] ERR_SSL_VERSION_OR_CIPHER_MISMATCH until reboot then returns after rebuild/code change #300

Closed
opened 2026-02-25 22:33:03 +03:00 by kerem · 2 comments

Originally created by @solrevdev on GitHub (Oct 20, 2022).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/475

Environment

  • Operating system (including version):
neofetch --off
solrevdev@macmini-office.local
------------------------------
OS: macOS 12.6 21G115 x86_64
Host: Macmini7,1
Kernel: 21.6.0
Uptime: 26 mins
Packages: 345 (brew)
Shell: zsh 5.8.1
Resolution: 2560x1440
DE: Aqua
WM: Quartz Compositor
WM Theme: Blue (Light)
Terminal: iTerm2
Terminal Font: CaskaydiaCoveNerdFontComplete-Regular 16
CPU: Intel i5-4278U (4) @ 2.60GHz
GPU: Intel Iris
Memory: 10098MiB / 16384MiB
  • mkcert version (from mkcert -version):
mkcert --version
v1.4.4
  • Server (where the certificate is loaded):
dotnet --info
.NET SDK (reflecting any global.json):
 Version:   6.0.402
 Commit:    6862418796

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  12.6
 OS Platform: Darwin
 RID:         osx.12-x64
 Base Path:   /usr/local/share/dotnet/sdk/6.0.402/

Host:
  Version:      7.0.0-rc.2.22472.3
  Architecture: x64
  Commit:       550605cc93

   "Kestrel": {
        "Certificates": {
            "Default": {
                "Path": "kestrel.pfx",
                "Password": "changeit"
            }
        }
    }

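  • Client (e.g. browser, CLI tool, or script):
Brave Version 1.44.112 Chromium: 106.0.5249.119 (Official Build) (x86_64) (https://brave.com/latest/)
Chrome Version 106.0.5249.119 (Official Build) (x86_64)
Firefox 106.0 (64-bit)

All 3 give the equivalent of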

This site can’t provide a secure connection
localhost uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What you did

rm kestrel.pfx
mkcert -install
mkcert -pkcs12 -p12-file kestrel.pfx localhost "*.localhost" project.dev "*.project.dev"

I then reference the cert in dotnetcore's appsettings.json file

   "Kestrel": {
        "Certificates": {
            "Default": {
                "Path": "kestrel.pfx",
                "Password": "changeit"
            }
        }
    }

What went wrong

This site can’t provide a secure connection
localhost uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

This has been working for well over a year then the other day I started to get the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message.

Now if I reboot my machine the error will go away until I make a code change and/or restart the server then the ERR_SSL_VERSION_OR_CIPHER_MISMATCH appears in all browsers and nothing will load until I reboot.

But as soon as I need to rebuild or make a code change it returns until I reboot.

I have tried to fix this by uninstalling and reinstalling via

mkcert --uninstall 
rm $(mkcert -CAROOT)

# then install again
mkcert -install
mkcert -pkcs12 -p12-file kestrel.pfx localhost "*.localhost" project.dev "*.project.dev"

But the same issue.

Any help or pointers would be great as this has me stumped. 🙏

kerem closed this issue 2026-02-25 22:33:03 +03:00

@pwespi commented on GitHub (Oct 31, 2022):

Did the error start after a macOS update?

Have you tried running dotnet clean?

Maybe you can also try the mkcert -ecdsa option?


@solrevdev commented on GitHub (Nov 11, 2022):

So, a quick update.

I've since gotten a new Mac M1 and I'm now working on a new .NET 7 branch, and the issue does not exist with these two factors.

I do still have the machine and the branch of code that caused this, so the next time I am on that older machine I'll try it again and see what happens. Then I'll move to the .NET 7 branch, meaning the only difference will be the OS etc.

Oh, and yes to dotnet clean; I also deleted the bin and obj folders.

Very strange, but for now on Apple silicon and .NET 7 all seems well, so I will close for now.

Another quick update

So, I upgraded my old machine to use .NET 7 and switched to my .NET 7 branch. I also re-ran dotnet dev-certs https --clean && dotnet dev-certs https --trust and all now seems to be OK on that machine.

Very odd. I'm not going to investigate any further unless this returns.
