Issue
When sending requests to your application you're seeing errors like:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
Resolution
This issue often happens when your SSL certificate uses elliptic curve algorithms, either in the signature algorithm used to sign the certificate or in the algorithm used to generate its key. A certificate can be signed with an elliptic curve signature algorithm even when its key was not generated with an elliptic curve algorithm. If either is the case (or both), the certificate will not work on the Heroku platform.
You can check your certificate by running:
openssl x509 -noout -text -in ~/path/to/your/certificate.crt
A line like this indicates that your certificate was signed using an elliptic curve signature algorithm (the ec in ecdsa indicates 'elliptic curve'):
Signature Algorithm: ecdsa-with-SHA256
You can also look for a line mentioning ASN1 OID, which indicates that the key was generated using an elliptic curve (the value is the named curve that was used).
If you see that your SSL certificate uses elliptic curve algorithms, contact the certificate issuer you used to see if they can issue you an RSA certificate instead.
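The two checks described above can be combined into one shell function that reports which elliptic curve condition applies. This is an added example, not part of the original article; the function names, output labels and sample certificate dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the text dump of a certificate (read from stdin),
# i.e. the output of `openssl x509 -noout -text -in cert.crt`.
# Function names and output labels are this example's own.
check_cert_text() {
    awk '
        /Signature Algorithm:/ && tolower($0) ~ /ecdsa/ { sig = 1 }
        /Public Key Algorithm:/ && /id-ecPublicKey/     { key = 1 }
        /ASN1 OID:/                                     { key = 1; curve = $NF }
        END {
            if (sig) print "ec-signature"
            if (key) print "ec-key" (curve != "" ? " curve=" curve : "")
            if (!sig && !key) print "no-ec"
        }'
}

# Wrapper for a certificate file; needs the openssl CLI.
check_cert_file() {
    openssl x509 -noout -text -in "$1" | check_cert_text
}

# Constructed sample: RSA key, certificate signed by an ECDSA issuer.
sample_ec_signed() {
    cat <<'EOF'
    Signature Algorithm: ecdsa-with-SHA256
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
EOF
}

# Constructed sample: EC key on the prime256v1 curve, RSA-signed.
sample_ec_key() {
    cat <<'EOF'
    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: id-ecPublicKey
                ASN1 OID: prime256v1
EOF
}

# Constructed sample: RSA key and RSA signature (neither EC condition applies).
sample_rsa() {
    cat <<'EOF'
    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
EOF
}

# When given a certificate path, check that file.
if [ $# -gt 0 ]; then check_cert_file "$1"; fi
```

Any output other than no-ec means the certificate falls into one of the two cases described above.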