Protect Your Site, Build Trust
Discover practical solutions to fix all SSL and security errors quickly and keep your website safe and reliable.
Google reCAPTCHA used. Privacy Policy and Terms of Service apply
The internet has become an integral part of our lives, enabling secure online transactions and protecting sensitive information. One crucial technology that ensures secure communication is SSL/TLS. However, encountering an error message like “NET::ERR_SSL_OBSOLETE_VERSION” can be frustrating and block access to websites.
In this article, we will explore the causes behind this error and provide solutions to overcome it.
Protect Your Site, Build Trust
Discover practical solutions to fix all SSL and security errors quickly and keep your website safe and reliable.
Google reCAPTCHA used. Privacy Policy and Terms of Service apply
Google Chrome, Mozilla Firefox, Microsoft Edge, and other major browsers constantly update their security rules to ensure safer web browsing for their users. This includes deprecating outdated and unsafe SSL/TLS certificates that can be exploited and expose visitors’ information. Thus, you are likely to see the ERR_SSL_OBSOLETE_VERSION warning when visiting websites using older TLS versions such as TLS 1.0 and TLS 1.1.
When a website uses a deprecated and insecure SSL/TLS certificate, browsers block the connection to protect visitors from potential security risks such as data theft, stolen credit card information, etc.
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols that establish secure connections between clients and servers. They encrypt the data transmitted over the internet, ensuring it remains confidential and protected from unauthorized access.
Secure Socket Layers (SSL) is the predecessor of TLS and has been widely used to secure web communications. SSL operates similarly to TLS, providing encryption and authentication. It utilizes cryptographic algorithms and digital certificates to secure the communication channel. However, SSL has been deprecated in favor of TLS due to vulnerabilities found in its older versions.
Transport Layer Security (TLS) is a widely used protocol that ensures the confidentiality, integrity, and authenticity of data transmitted over a network. It operates on top of the TCP/IP transport protocol suite and encrypts data during transmission. TLS provides a secure connection by using cryptographic algorithms and establishing a handshake process between the client and server.
Due to its improved security, TLS has been universally recognized as the more reliable security protocol and has been replacing the outdated SSL since its introduction in 1999. Although the term SSL is still popular and widely used, current SSL certificates are, in fact, based on TLS.
Several issues can lead to the warning. Below are the most common ones.
Websites that have not updated their SSL/TLS configuration to support the latest secure versions may trigger the error. It is crucial for website administrators to regularly update their SSL/TLS settings to ensure compatibility with modern browsers.
Cipher suites determine the encryption algorithms used in SSL/TLS connections. If a website employs outdated or weak cipher suites, browsers may block the connection, resulting in an error message.
Occasionally, corrupted or expired cached data may trigger the NET::ERR_SSL_OBSOLETE_VERSION on some websites. Your browser might keep outdated information and recognize a website’s certificate as deprecated.
Antivirus and firewall programs keep you safe from many online threats. However, these applications may mistakenly recognize a website’s SSL/TLS certificate as outdated and block you from accessing it.
Sometimes, the error occurs due to browser limitations. If a website exclusively supports outdated SSL/TLS versions, modern browsers will not establish a connection, recognizing it as insecure.
Using the latest and most secure TLS version is essential to maintain a safe and encrypted connection for your users. Checking the TLS version is crucial as it helps you establish whether you are using the latest security standards and ensures the protection of sensitive information transmitted over the internet.
By following these steps, you can easily check the TLS version being used by your website in Chrome DevTools.
To resolve the “NET::ERR_SSL_OBSOLETE_VERSION” error and establish a secure connection, consider the following solutions:
Website administrators should ensure their SSL/TLS configuration supports the latest secure versions. Upgrading to TLS 1.2 or TLS 1.3 is recommended to avoid compatibility issues with the latest versions of web browsers.
If you manage your own server, configure it to support TSL 1.3. Otherwise, contact your web hosting provider to ensure your hosting server is compatible with TLS 1.3.
Although on the SiteGround infrastructure such server configuration changes cannot be performed by the clients, they can rest assured that their websites already use the latest TLS configurations. We have enabled TLS 1.2 and TLS 1.3 on all our servers and disabled the outdated TLS versions 1.0 and 1.1. Read this post for more information about TLS 1.3 and OCSP stapling on SiteGround hosting.
Implement secure and up-to-date cipher suites on the web server. Disabling weak or outdated cipher suites and enabling strong encryption algorithms will enhance compatibility with modern browsers.
Clearing your browsing data will flush any expired or corrupted data. This may resolve the NET::ERR_SSL_OBSOLETE_VERSION error.
To clear the cache on Chrome, follow these steps.
If you use another browser, read this guide on how to clear cache and cookies on desktop browsers.
For mobile devices, check the following articles.
HTTP/2, the successor to HTTP/1.1, offers improved performance and security. Enabling HTTP/2 on the server can help overcome SSL/TLS version-related issues.
SiteGround has implemented HTTP/2 on all servers. For more information, read this post about HTTP/2 on SiteGround servers.
QUIC is a network protocol working along HTTP/2 that helps speed up the connection to websites. Many browsers, such as Google Chrome, Microsoft Edge, and Mozilla Firefox, support QUIC. However, this protocol may not be compatible with some websites. As a result, you may see the NET::ERR_SSL_OBSOLETE_VERSION visiting such websites.
Disable the QUIC protocol on your browser and revisit the problematic website to check if the error is gone.
To disable QUIC on Chrome, follow these steps.
chrome://flags/
Check if your antivirus or firewall application is triggering the NET::ERR_SSL_OBSOLETE_VERSION message by disabling it. After the program is disabled, visit the problematic website to check if the error is resolved. If this is the case, check the program’s settings, contact its support team, or consider switching to an alternative program.
To disable the firewall on Windows, open the Windows menu in the lower left corner. Go to Settings > Updates & Security > Windows Security > Firewall & network protection. Choose one of the networks and turn off the switch for Microsoft Defender Firewall.
On Mac, open System Settings > Network > Firewall. Turn off the slider for Firewall.
If you encounter the “NET::ERR_SSL_OBSOLETE_VERSION” error on a website you do not control, reach out to the website administrator or support team. They may be unaware of the issue and can take the necessary steps to resolve it.
Encountering the “NET::ERR_SSL_OBSOLETE_VERSION” error can be frustrating, but understanding its causes and solutions can help overcome the issue. In general, you should follow a few fundamental principles:
By staying proactive and addressing these concerns, website administrators can provide a safe browsing experience for their visitors and avoid the ERR_SSL_OBSOLETE_VERSION error.
Tackle all SSL errors like an expert! Download our free “How to Fix the Most Common SSL and Security Errors” ebook!
It is not recommended to bypass NET::ERR_SSL_OBSOLETE_VERSION as it indicates potential security risks. However, if you trust the website and understand the risks involved, you can proceed at your own discretion.
Browsers prioritize user security and block connections with obsolete SSL/TLS versions to prevent potential vulnerabilities and attacks. Using outdated SSL/TLS versions can compromise the confidentiality and integrity of data transmitted over the internet.
No, SSL/TLS errors can have various causes. “NET::ERR_SSL_OBSOLETE_VERSION” specifically relates to the use of outdated or insecure SSL/TLS versions.
Read this guide on SSL errors to find more information about the different types of SSL-related errors.
If you are the website owner or administrator, you can fix the error by updating SSL/TLS configurations and ensuring compatibility with modern browsers. For websites you do not control, reaching out to the administrator or support team is the best course of action.