
booni3's avatar

Forge/LetsEncrypt SSL error "SSL_ERROR_NO_CYPHER_OVERLAP" TLS version incompatibility?

Some users have complained that they cannot access our site due to a "secure connection failure" i.e. SSL. The actual error code provided is SSL_ERROR_NO_CYPHER_OVERLAP.

SSL has been installed via the Forge LetsEncrypt button. I have tested 4 of our sites using https://www.ssllabs.com and all seem to have the same errors show up.

Errors are only related to certain browsers/OS (generally older versions) i.e.

Chrome 49 / XP SP3  Server sent fatal alert: handshake_failure

I also noticed that only TLS 1.2 protocol is supported with my site, so I am guessing that these older browsers are using an older protocol.

| Protocols | Supported |
|-----------|-----------|
| TLS 1.3   | No        |
| TLS 1.2   | Yes       |
| TLS 1.1   | No        |
| TLS 1.0   | No        |
| SSL 3     | No        |
| SSL 2     | No        |

For TLS 1.3 tests, we only support RFC 8446.

Laravel themselves noted this change on Twitter (https://twitter.com/laravelphp/status/996477171291033602?lang=en). I wonder how we are supposed to deal with users on older hardware at this stage?

0 likes
1 reply
booni3's avatar

One potential fix around this is to edit the SSL cert configuration within:

sudo nano /etc/nginx/sites-enabled/yoursite.com

I amended the TLS version and cipher certificates to the intermediate settings as recommended by Mozilla. It appears that the default Forge setup is now for modern browsers only, which means many are invalid.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

Re-running the https://www.ssllabs.com/ test shows no errors with browser compatibility but has reduced the cipher strength level a little. So I guess more compatibility with a bit less security.

If anyone has any comments on a better way to do this, please advise.
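The trade-off discussed in this thread, as an added example that is not part of the original posts: a small Python check that reads `ssl_protocols` and `ssl_ciphers` from an nginx server block and reports whether a given client would find a shared protocol and cipher. Both config strings, the cipher lists and the two client profiles are constructed for illustration (they are not Forge's or Mozilla's actual settings), and the negotiation is simplified to client-order cipher choice.

```python
import re

# Constructed sample: a TLS 1.2-only block of the kind the thread describes.
MODERN_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
}
"""
# Constructed sample: the same block widened for older clients.
WIDENED_CONF = MODERN_CONF.replace("TLSv1.2;", "TLSv1 TLSv1.1 TLSv1.2;").replace(
    "POLY1305;", "POLY1305:ECDHE-RSA-AES128-SHA:AES128-SHA;")

# Hypothetical clients (constructed): what each offers in its ClientHello.
OLD_CIPHERS_CLIENT = {"protocols": {"TLSv1", "TLSv1.1", "TLSv1.2"},
                      "ciphers": ["ECDHE-RSA-AES128-SHA", "AES128-SHA"]}
TLS10_CLIENT = {"protocols": {"TLSv1"},
                "ciphers": ["AES128-SHA", "DES-CBC3-SHA"]}


def directive(conf, name):
    """Return the arguments of the last `name ...;` directive, or None."""
    hits = re.findall(rf"^\s*{re.escape(name)}\s+([^;]+);", conf, re.M)
    return hits[-1].split() if hits else None


def negotiate(conf, client):
    """Simplified handshake: shared protocol first, then shared cipher."""
    protocols = set(directive(conf, "ssl_protocols") or [])
    cipher_arg = (directive(conf, "ssl_ciphers") or [""])[0].strip("'\"")
    server_ciphers = cipher_arg.split(":")
    shared_protocols = protocols & client["protocols"]
    if not shared_protocols:
        return "fail: no shared protocol version"
    shared = [c for c in client["ciphers"] if c in server_ciphers]
    if not shared:
        return "fail: no cipher overlap"
    # String max() orders TLSv1 < TLSv1.1 < TLSv1.2 correctly.
    return f"ok: {max(shared_protocols)} with {shared[0]}"


if __name__ == "__main__":
    for label, conf in (("modern", MODERN_CONF), ("widened", WIDENED_CONF)):
        for who, client in (("old ciphers", OLD_CIPHERS_CLIENT),
                            ("TLS 1.0 only", TLS10_CLIENT)):
            print(f"{label:8} {who:13} {negotiate(conf, client)}")
```

Running a check like this against the edited file before reloading nginx shows which legacy protocols and CBC suites the change re-enables, which is the "bit less security" side of the compatibility gain.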
