"ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error when accessing vCloud Director
search cancel

"ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error when accessing vCloud Director


Article ID: 328531


Updated On:




  • When accessing vCloud Director 9.7 using the fully qualified domain name (FQDN) you encounter the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • Accessing vCloud Director with IP address works successfully
  • WIthin the cell-runtime.log on the  vCloud Director cell you see the following handshake error
2019-04-04 00:22:49,029 | DEBUG    | pool-jetty-13             | HttpEngineStartupAction        | handshake failed | javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802)



This issue occurs as the SSL certificate keystore on the vCloud Director cell is shared by the HTTPS engine and PostgreSQL.
As a result it stops being able to process HTTPS requests that come in to the FQDN due to additional security measures applied by the Server Name Indication (SNI) extension of the TLS protocol.


This is a known issue with vCloud Director 9.7 GA.
This issue is resolved in and later releases of vCloud Director.
vCloud Director and later releases are available via VMware Downloads .

To workaround this issue it is recommended to deploy a load balancer in front of the VCD cell(s) and configure SSL termination to occur on the load balancer. As SSL termination occurs on a load balancer the issue doesn’t occur as IP is used to communicate with the cells in the back-end.