Introduction
SSL encryption protects websites and their users from malicious actors attempting to steal personal information or hack a website. If there is an issue with the website's SSL certificate or the visitor's browser configuration, the browser reports an SSL error and prevents insecure traffic.
This article helps you troubleshoot the ERR_SSL_PROTOCOL_ERROR and provides methods to fix it, regardless of whether you are a website owner or a visitor.
What Is ERR_SSL_PROTOCOL_ERROR?
When a user attempts to access an SSL-encrypted website, the browser exchanges credentials with the web server in a process called the TLS handshake. ERR_SSL_PROTOCOL_ERROR occurs when the server and the web browser fail to perform a proper TLS handshake, which results in the SSL receiving a corrupt handshake record.
All Chromium-based browsers report the problem as ERR_SSL_PROTOCOL_ERROR and show a message stating that the site cannot provide a secure connection. Below is an example of the error appearing in Google Chrome.
Microsoft Edge shows a similar message, as seen in the screenshot below.
Opera uses a different page style but displays the same information as Google Chrome.
Browsers using different engines may show different errors for the same issue. For example, Firefox shows the SSL_ERROR_RX_MALFORMED_HANDSHAKE.
Safari only reports that it cannot establish a secure connection but does not show the actual error.
What Causes ERR_SSL_PROTOCOL_ERROR?
The reasons for the ERR_SSL_PROTOCOL_ERROR can originate on either side of the TLS handshake. The error results from misconfigurations or overly strict security settings on a client computer, such as:
- An antivirus or a firewall blocking the connection.
- A misbehaving browser extension.
- An issue with the QUIC protocol encryption.
- Wrong system date and time.
The server-side reasons for the error include:
- Outdated or insecure protocols installed.
- An expired or missing SSL certificate.
- A revoked SSL certificate.
- The SSL-certified website not forcing the HTTPS connection.
- The DNS A record misconfiguration.
How to Fix the ERR_SSL_PROTOCOL_ERROR?
The following sections provide solutions for fixing a website's ERR_SSL_PROTOCOL_ERROR client-side and server-side. If you are a website visitor, refer to the solutions for end users to attempt to resolve the issue locally. Website owners or administrators should read solutions for web admins.
Solutions for End Users
To determine whether your system is responsible for displaying the ERR_SSL_PROTOCOL_ERROR, try to connect to the website using another computer or smartphone. If you still cannot access the website, the problem is likely on the server side.
Conversely, if the website is accessible from another device, troubleshoot the issue by applying the solutions listed below.
Temporarily Disable Antivirus and Firewall
The ERR_SSL_PROTOCOL_ERROR can appear due to overly strict system security settings. Temporarily turning off security allows you to test whether it is the reason for the SSL error.
Below is an example of the procedure for the Windows Security suite:
1. Open Windows Security. The main page features antivirus and firewall sections.
2. Go to Virus & Threat Protection and select Manage Settings in the Virus & Threat Protection Settings section.
3. Turn Real-Time Protection off.
4. Return to the main page of Windows Security and select Firewall & Network Protection.
5. Disable the firewall for the network you are currently using.
6. Try loading the website again.
Warning: Permanently disabling security can put your system at risk. Ensure you revert the settings to the previous state once you finish the test.
Disable Browser Extensions
A misbehaving browser extension can cause trouble with the SSL authentication procedure. If you use extensions, try disabling them to resolve the SSL protocol error.
The following steps show how to turn off extensions in Google Chrome:
1. Open a new tab and type the following address in the address bar:
chrome://extensionsThe Extensions page appears.
2. Disable all extensions by clicking the switch in the bottom-right corner of each extension card.
3. Try loading the website again. If the issue is resolved, enable extensions one by one until you find the culprit.
Disable Experimental QUIC Protocol
QUIC is an experimental UDP-based protocol developed to improve the performance of Google web apps. Deactivating it in Chrome forces the browser to use HTTP instead of HTTPS, which can help you access the website.
Follow the steps below to disable QUIC in Google Chrome:
1. Type the following address in the address bar:
chrome://flagsThe Flags page appears.
2. Type QUIC in the search bar at the top of the page and press Enter.
Select Disabled from the dropdown menu on the right side of the Experimental QUIC protocol listing.
3. Select the Relaunch button at the bottom of the page to restart Chrome.
4. Try to access the website and see if disabling QUIC has resolved the issue.
Check System Clock
Ensure that your system's time is correctly set. Incorrect date, time, and timezone settings may cause conflicts during a TLS handshake, resulting in the ERR_SSL_PROTOCOL_ERROR.
Every operating system has a settings section for the current date and time. In Windows, for example, go to Settings > Time & Language > Date & Time Settings.
Note: Learn the difference between TLS and SSL.
Solutions for Web Admins
If you receive reports that your website shows the ERR_SSL_PROTOCOL_ERROR, there are multiple actions you can take to troubleshoot the problem. The sections below show how to deal with the most common causes of this issue.
Verify TLS Protocols in Use
Using outdated protocols may produce the ERR_SSL_PROTOCOL_ERROR when interacting with most modern browsers. A properly configured web server should use the modern TLS encryption protocols, i.e., TLS 1.2 and TLS 1.3, while outdated protocols, such as TLS 1.0, SSL 2.0, and SSL 3.0, must be disabled.
For example, if you use an Apache web server, you can modify the SSL configuration by editing the ssl.conf file:
1. Open the file in a text editor:
sudo nano /etc/apache2/mods-available/ssl.conf2. Enable secure ciphers by setting the SSLCipherSuite value to HIGH:!aNULL:
SSLCipherSuite HIGH:!aNULL
3. Enable SSLHonorCipherOrder:
SSLHonorCipherOrder on
4. Set SSLProtocol value to all +TLSv1.2 +TLSv1.3:
SSLProtocol all +TLSv1.2 +TLSv1.3
Save the file and exit.
5. Restart Apache:
sudo systemctl restart apache2Check Your SSL Certificate
An expired, revoked, or improperly installed SSL certificate is frequently responsible for SSL errors. Check the status of your certificate by following the steps below:
1. Navigate to your website in a web browser and click the padlock icon in the address bar.
2. Select the padlock option from the menu.
The Security card opens.
3. The bottom of the card should show your certificate as valid.
4. Click the message to see more details about the certificate.
If you determine a problem, you can obtain a new certificate from a certificate authority and install the certificate on your website.
Fix DNS Issues
Improperly configured DNS A records can also cause the ERR_SSL_PROTOCOL_ERROR. To check whether your DNS record points to the correct IP address, use the following dig command:
dig example.com +shortThe command outputs the IP address associated with the domain.
If the IP address differs from the expected, use your DNS control panel to make the necessary DNS configuration changes.
Force HTTPS
By default, websites run on HTTP protocol. However, most SSL certificates force the use of HTTPS to increase security. Using SSL encryption without forcing HTTPS may cause the SSL protocol error.
To check whether your website forces HTTPS, consult your hosting provider's documentation for the location of the relevant SSL settings.
Conclusion
This guide provided the most common troubleshooting steps for resolving the ERR_SSL_PROTOCOL_ERROR. Since the error can originate on both the server and the client side, the article included separate sections for end-users and web admins.
If you are interested in internet security, read our Ultimate Guide to Types of SSL Certificates.
