ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue in NPM with Cloudflare DNS

If you are using Nginx Proxy Manager (NPM), you can configure SSL settings through its web interface. Here’s how you can address the ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue in NPM:

Step-by-Step Guide for Nginx Proxy Manager

  1. Access Nginx Proxy Manager:
    Open your Nginx Proxy Manager web interface by navigating to its URL in your web browser.

  2. Edit the Proxy Host:

    • Go to the “Hosts” section and select “Proxy Hosts.”
    • Find the proxy host that is experiencing the SSL issue and click the “Edit” button.

  3. SSL Configuration:

    • Navigate to the “SSL” tab in the edit proxy host dialog.

  4. Select SSL Certificate:

    • Ensure that you have a valid SSL certificate selected for your domain. If you don’t have one, you can use NPM to issue a Let’s Encrypt certificate.

  5. Advanced SSL Options:

    • Enable “Force SSL” to ensure all traffic is redirected to HTTPS.
    • Enable “HTTP/2 Support” for improved performance.
    • Enable “HSTS Enabled” to add the Strict-Transport-Security header, which enhances security.

  6. Custom SSL Configuration:
    To specify SSL protocols and ciphers, you need to add custom configuration options. This can be done through the “Custom Nginx Configuration” feature in NPM.

    • Go to the “Advanced” tab and scroll to the “Custom Nginx Configuration” section.
    • Add the following directives to specify the SSL protocols and ciphers:
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
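    ssl_prefer_server_ciphers on;

    This restricts connections to TLS 1.2 and TLS 1.3 and limits the TLS 1.2 cipher suites to the two ECDHE AES-256-GCM suites listed. The ssl_ciphers directive does not affect TLS 1.3 cipher suites, which OpenSSL configures separately.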

  7. Save and Apply Changes:

    • Click “Save” to apply the changes to the proxy host.
    • Restart Nginx Proxy Manager if necessary to ensure all settings take effect.

  8. Verify Cloudflare Settings:

    • Log in to your Cloudflare account.
    • Navigate to the “SSL/TLS” settings for your domain.
    • Ensure the SSL/TLS encryption mode is set to “Full” or “Full (strict)”.

Example Custom SSL Configuration in NPM

Here’s a more detailed example of what your custom configuration might look like:

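# ssl_* directives are valid only in http/server context, so they go at
# server level, outside the location block.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;

location / {
    # Forward requests to the backend and pass the original client details.
    proxy_pass http://your_backend_server;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}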
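
A small linter for the custom configuration, added here as an example (not NPM's or nginx's own code): nginx accepts ssl_protocols, ssl_ciphers and ssl_prefer_server_ciphers only in http or server context, so the check flags them inside a location block, along with protocols outside TLSv1.2/TLSv1.3. It assumes the snippet is included at server level; the cipher policy (ECDHE/DHE with an AEAD mode), the function names and the sample snippets are constructed for illustration.

```python
import re

# Added example: names and policy are assumptions, not NPM or nginx code.
SSL_DIRECTIVES = {"ssl_protocols", "ssl_ciphers", "ssl_prefer_server_ciphers"}
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # the set this guide configures
TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};'\"]+")

def check(stmt, stack):
    """Return findings for one directive; stack lists the enclosing blocks."""
    if not stmt or stmt[0] not in SSL_DIRECTIVES:
        return []
    name, args, out = stmt[0], stmt[1:], []
    if stack:  # nginx accepts these directives only in http/server context
        out.append(f"{name}: not allowed inside '{stack[-1]}' block")
    if name == "ssl_protocols":
        out += [f"ssl_protocols: {p} not in TLSv1.2/TLSv1.3" for p in args
                if p not in ALLOWED_PROTOCOLS]
    if name == "ssl_ciphers":
        for c in ":".join(args).split(":"):
            # Assumed policy: forward secrecy (ECDHE/DHE) plus an AEAD mode.
            strong = c.startswith(("ECDHE-", "DHE-")) and ("GCM" in c or "CHACHA20" in c)
            if not c.startswith("!") and not strong:
                out.append(f"ssl_ciphers: {c} lacks ECDHE/DHE or AEAD")
    return out

def lint(snippet):
    """Lint a snippet assumed to be included at server level."""
    findings, stack, stmt = [], [], []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", snippet)):
        if tok == "{":    # block opens: remember its name (e.g. "location")
            stack, stmt = stack + [stmt[0] if stmt else "?"], []
        elif tok == "}":  # block closes
            stack, stmt = stack[:-1], []
        elif tok == ";":  # directive ends: evaluate it in its context
            findings, stmt = findings + check(stmt, stack), []
        else:
            stmt.append(tok.strip("'\""))
    return findings

# Constructed samples: misplaced and weak settings, then a server-level snippet.
BAD = """location / { proxy_pass http://backend.example;
    ssl_protocols TLSv1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA'; }"""
GOOD = """ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;"""

if __name__ == "__main__":
    print("\n".join(lint(BAD)))
```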

Additional Tips

  • Intermediate Certificates:
    Ensure that any intermediate certificates are correctly included in your SSL certificate chain.

  • Update NPM:
    Ensure you are using the latest version of Nginx Proxy Manager to benefit from the latest security updates and features.

By following these steps, you should be able to resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error while using Nginx Proxy Manager with Cloudflare.