Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Troubleshoot SSL or TLS Handshake Failures on G Suite Sites

  1. Last updated
  2. Save as PDF

When you try to access certain G Suite websites in Google Chrome, the pages may fail to load or show connection errors because the web server closes the SSL/TLS handshake immediately after receiving Chrome’s Client Hello message (as seen in a network capture, for example, using Wireshark).

This behavior occurs because Chrome uses the TLS 1.3 Early Data feature, also known as Zero Round Trip Time (0-RTT). Early Data improves performance by sending encrypted application data along with the initial handshake. However, some web servers, firewalls, or intermediary network appliances do not fully support this feature. When the system detects Early Data, it may treat the connection as malformed, terminate the handshake, and fail the connection.

Workaround 

Disable the TLS 1.3 Early Data feature in Chrome to restore access. Disabling this feature forces Chrome to complete a full TLS handshake before sending data, which improves compatibility with most servers.

To disable TLS 1.3 Early Data in Chrome:

  1. Open Google Chrome.

WARNING: This page includes experimental features. Exercise caution when modifying these settings.

  1. In the address bar, type chrome://flags and press Enter.
  2. In the Search flags box, type TLS 1.3 Early Data.
  3. Find the flag named TLS 1.3 Early Data in the results.
  4. Select Disabled from the menu.
  5. Click Relaunch at the bottom of the page to restart Chrome and apply the change.

Once Chrome restarts, it no longer sends Early Data, and the connection to the affected G Suite site should now succeed.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.