On some reason, I could not open some HTTPS websites (not all of them!) on my Windows 10 laptop. When trying to open such a website in a browser, it shows this error: “
This site can’t provide a secure connection”. The sites are not displayed in Google Chrome, Opera and Chromium-based browsers. Without HTTPS, I can open only some of them that have their pages available both over HTTPS and HTTP protocol. If I try to open a problem HTTPS website in Google Chrome, the error looks like this:
This site can’t provide a secure connection. sitename.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR
Or like this:
This site can’t provide a secure connection. sitename.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The client and server don’t support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.
In Opera and Chromium based browsers, the error looks almost the same. How can I open these https websites?
As you may have understood, the problem is related to the SSL connection issues between you browser and HTTPS website. The reasons may differ. In this article I tried to collect all methods of fixing the error “
This site can’t provide a secure connection, ERR_SSL_PROTOCOL_ERROR” in different popular browsers.
I would like to note that despite Google Chrome, Opera and Chromium-based browsers are released by different companies, but they are using the same Chrome engine, and the problem of opening HTTPS sites is solved in the same way for all of them.
First of all, make sure that it is not the problem of the HTTPS website itself. Try to open from other devices (smartphone, tablet, home/work PC, etc.). Also check if you can open problem website in other browsers: IE/Edge or Mozilla Firefox. A similar error in Mozilla Firefox was discussed in the article Secure Connection Failed on Firefox.
Clear Browser Cache, Cookies and SSL Cache
Browser cache and cookies often cause an SSL certificate issues. We recommend to clear cache and cookies in your browser first. In Chrome, press Ctrl + Shift + Delete (or go to the address
chrome://settings/clearBrowserData), select the time range (All time) and click Clear data.
To clear SSL cache in Windows 10:
- Go to Control Panel -> Internet Options;
- Click the Content tab;
- Click the Clear SSL State button;
- The message “
The SSL cache was successfully cleared” will appear;
- Restart your browser and check if the error ERR_SSL_PROTOCOL_ERROR persists.
Disable Third-Party Browser Extensions
We recommend to disable (delete) third-party browser extensions, especially anonymizers , proxies, VPNs, antivirus extensions, and other similar add-ons that can interfere with traffic to the target website. You can view the list of enabled Chrome extensions in Settings -> More Tools -> Extensions or go to
chrome://extensions/. Disable all suspicious extensions.
Check Antivirus & Firewall Settings
If you have an antivirus or a firewall (it is often built into the antivirus as a module) installed on your computer, they may block access to these websites. To understand if your antivirus or firewall block access to a site, try to pause them for a while.
Many anti-viruses by default have a built-in module that checks the SST/TLS certificates of websites. If an antivirus detects that the website is using an insecure (or self-signed) certificate or an outdated SSL protocol version (SSL v3 or earlier), the antivirus may block the user’s access to such a site. As you can see, it depends on your antivirus. For example:
- Disable the “
Enable SSL/TLS protocol filtering” option in the ESET NOD32 Antivirus;
- In Avast the appropriate option is called “
Enable HTTPS scanning” (it is located in Settings -> Active Protection -> Web Shield -> Customize -> Main Settings).
- The integrated firewall (
Spider Gate) can block website in Dr.Web antivirus.
Check the Date & Time Settings
Wrong date or time (or time zone) on your computer also can cause secure connection errors for HTTPS websites. During authentication your system checks the date when the website certificate was created, when it expires and when the certificate of the higher certification authority will expire.
Make sure that you have the correct time and time zone set. If the time is reset constantly, see the article “Clock reverts to wrong time after a reboot”
Update Windows Root Certificates
If your computer is in an isolated network segment, has not been updated for a long time, or has automatic update disabled, it may not have new trusted root certificates (TrustedRootCA). We recommend to update Windows OS system: install the latest security updates.
You can manually update root certificates following the instructions in the article “Updating List of Trusted Root Certificates in Windows”. Also it is recommended to check your computer for dangerous or unsigned certificates with SigCheck, it can help to prevent capturing your HTTPS traffic and a number of other issues.
Disable QUIC Protocol Support
Make sure if the support of QUIC (Quick UDP Internet Connections) protocol is enabled in Chrome. QUIC enables to faster establish the connection and negotiates all TLS (HTTPS) parameters when connecting to a website. However, in some cases it can cause problems of SSL connections. Try to disable QUIC:
- Go to
- Find the Experimental QUIC protocol option;
- Change its value from Default to Disabled;
- Restart Chrome.
Enable TLS & SSL Protocol Support
And the last thing – it may happen that it is enough to enable TLS and SSL protocol support to solve the problem. In most cases it is the most effective, but I moved this item to the end of the article deliberately. I’ll explain why.
The outdated TLS and SSL protocol versions are disabled not just because the developers want it. It is due to a large number of vulnerabilities that enable hackers to capture your data in the HTTPS traffic or even modify them. Enabling these protocols thoughtlessly affects your security in the Internet, so you shouldn’t use this method unless anything else can help.
Modern OSs and browsers no longer support outdated or vulnerable SSL/TLS protocol versions (SSL 2.0, SSL 3.0 and TLS 1.1). TLS 1.2 and TLS 1.3 (at least) are recommended to use today.
If the site uses earlier SSL/TLS version than the client/browser supports, a user sees the secure connection error.
To enable old SSL/TLS protocol versions (please, again note that it is insecure):
- Open Control Panel -> Internet Options;
- Go to the Advanced tab;
- Enable TLS 1.0, TLS 1.1 and TLS 1.2 (if it doesn’t help, enable SSL 3.0, 2.0 as well);
- Restart your browser.
If neither of these methods helped to eliminate the error “This site can’t provide a secure connection”, try the following:
- Make sure that there are no static records in the file
- Try to use public DNS server, e. g., Google DNS server. In the network connection settings, specify the IP address 22.214.171.124 as the preferred DNS server address;
- In the Control Panel -> Internet Options, make sure that the security level for the Internet zone is Medium-high or Medium. If High is selected, some SSL connections may be blocked by your browser;
- The problem may relate to the website certificate. Check it using online SSL Checker;
- Make sure if TLS 1.3 is enabled in Chrome:
- Go to the settings section (
chrome://flags) in the address bar;
- Find the TLS 1.3 parameter using search;
- Make sure that it is enabled (Enabled) or Default. If it is disabled, enable it.
- Go to the settings section (