sfw/fix
ERR_SSL_VERSION_INTERFERENCE medium

ERR_SSL_VERSION_INTERFERENCE (TLS 1.3 handshake interference)

Something in the network path is mangling Chrome's TLS 1.3 handshake, usually an antivirus HTTPS scanner, VPN, or buggy middlebox.

What you see

This site can't provide a secure connection
example.com sent an invalid response.
ERR_SSL_VERSION_INTERFERENCE

What’s actually happening

"This site can't provide a secure connection... sent an invalid response." It's intermittent and machine-specific — the same site loads fine on a phone on cellular or on a coworker's laptop, which points at something local rather than the server. Often clears the moment you pause antivirus HTTPS scanning or drop off the VPN. The handshake starts, then gets corrupted partway, so Chrome bails.

Common causes

  • Antivirus / security suite with HTTPS or SSL traffic inspection turned on — Kaspersky's "Inspect SSL traffic", ESET, Avast/AVG web shield are repeat offenders that don't cleanly proxy TLS 1.3.
  • A VPN or local proxy that intercepts TLS and chokes on the 1.3 handshake.
  • A buggy home router or middlebox that tries to parse/modify TLS records it doesn't understand (some older firmware mishandles 1.3's reshaped handshake).
  • An outdated Chrome that's negotiating TLS in a way a stale middlebox can't follow — less common now but historically a trigger.
  • Corrupted local TLS state or a bad network shim/LSP injected by other software.

How to fix it

  1. Disable HTTPS/SSL scanning in your antivirusThis is the most common fix. In Kaspersky turn off "Inspect SSL traffic"; in ESET disable "SSL/TLS protocol filtering"; in Avast/AVG turn off the HTTPS scanning under Web Shield. If the error vanishes, the AV was breaking the handshake — leave scanning off or add the site to its exclusions.
  2. Test with the VPN/proxy offDisconnect the VPN and disable any local/system proxy (Settings > System > Open your computer's proxy settings), then reload. If it works, the tunnel was the interferer — switch VPN protocols or update the client.
  3. Try another network to localize itLoad the site over a phone hotspot or different Wi-Fi. Works elsewhere = your router/middlebox is the problem; update its firmware or replace it. Still broken everywhere on that machine = it's software on the device, go back to the AV/proxy steps.
  4. Update Chrome and clear cached TLS stateUpdate to the current Chrome (chrome://settings/help). Then visit chrome://net-internals/#sockets and flush socket pools, and clear the SSL state, to drop any corrupted half-handshake that's being reused.
  5. Confirm against the deprecated chrome://flags toggle is no longer the moveOld guides say to disable the "TLS 1.3" flag at chrome://flags — that flag has been removed from modern Chrome, so don't chase it. Fix the interceptor instead; downgrading TLS is the wrong direction.

Stop it recurring

Keep security software and router firmware current, and avoid TLS-inspecting AV features on machines that need to reach TLS 1.3 sites.

Related errors

NET::ERR_SSL_OBSOLETE_VERSION (TLS 1.0 / 1.1 deprecated)

medium

The server negotiated TLS 1.0 or 1.1, which Chrome has hard-blocked since version 84, triggering a full-page warning.

SSL Certificate Expired

critical

An expired SSL certificate triggers a full-page "Your connection is not private" warning that blocks every visitor.

Mixed Content Warning

medium

Mixed content is an HTTPS page loading some resources over insecure HTTP — it breaks the padlock and blocks assets.

NET::ERR_CERT_AUTHORITY_INVALID

critical

The browser doesn't trust who issued the certificate — usually a missing intermediate cert or a self-signed one, not an expired one.