I recently published both a React application and a nodejs web service on render.com. Additionally, I purchased a domain from GoDaddy and set up a custom domain for my React application on Render, using that domain, and a custom domain for the web service, using a subdomain of that domain.
I can access both domains with no issues from most devices, but in other devices I get the “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” error. I've checked my domain's certificate, TLS version, cipher suite, and everything is as it's supposed to be. I don't know what else to check and/or do to fix this issue, since I really need to access those applications from those devices.
This is just a guess until more information is given, but it's an educated guess.
During a TLS handshake, the client offers a range of protocol versions and cipher suites. The server then picks from these options to continue the handshake, but if it doesn't support any combination of the versions and ciphers, it returns
ERR_SSL_VERSION_OR_CIPHER_MISMATCH.This usually happens when either the server or the client are very strict, due to security (only strong versions/ciphers are allowed), or the software is outdated (and doesn't support newer versions/ciphers).
Specifically to render.com, it seems that it does not allow configuring TLS cipher suites or protocol versions. And scanning a sample app shows that Render's web servers only support TLS 1.2 and 1.3, with surprisingly few cipher suites for TLS 1.2. According to SSL Labs this would fail in Safari 8 or earlier (are the problematic devices perhaps old iPhones?).
There are three solutions: