Troubleshooting · connection error

If the site won’t load

Mirror hosted on library.wuld.ink — a separate host, so this page stays reachable even when wuld.ink itself won’t load. Canonical version: wuld.ink/troubleshooting/.

Seeing “this connection is not secure,” “…sent an invalid response,” or ERR_SSL_PROTOCOL_ERROR — especially on and off, at random, on a page that loaded fine a minute ago? It is almost certainly not the site. It is a modern privacy feature in your browser (Encrypted ClientHello) colliding with something on your network. Here is the roughly 30-second fix.

First — prove it’s local

Open the site on your phone’s mobile data (Wi-Fi off) or a different network. If it loads there but not on your usual Wi-Fi, the culprit is on that network — a security suite, VPN, or router — not the site.

The fix, by browser

Chrome · Edge · Brave — quick, no admin

Open your browser settings, search “secure DNS,” and turn “Use secure DNS” off, then restart the browser. (Address bar: chrome://settings/security or edge://settings/privacy.) This stops the browser attempting the encrypted handshake that’s failing. Worth trying first because it needs no admin rights.

Chrome · Edge — permanent, needs admin

The reliable fix disables just the fragile feature and keeps your DNS private. Run one block in an Administrator PowerShell, then fully restart the browser.

Microsoft Edge:

New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Force | Out-Null
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name "EncryptedClientHelloEnabled" -PropertyType DWord -Value 0 -Force | Out-Null

Google Chrome — same, under the Chrome path:

New-Item -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Force | Out-Null
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Name "EncryptedClientHelloEnabled" -PropertyType DWord -Value 0 -Force | Out-Null

Reversible anytime: set the value to 1 or delete the key. Confirm at edge://policy or chrome://policy.

Firefox — no admin

Type about:config in the address bar, accept the warning, then set both of these to false:

network.dns.echconfig.enabled        →  false
network.dns.http3_echconfig.enabled  →  false

Why this happens

Encrypted ClientHello (ECH) encrypts the name of the site you’re visiting so your network can’t see it — a genuine privacy win. But some networks can’t cope with it: an aggressive antivirus, a VPN, a corporate or school firewall, or certain routers will mangle the encrypted handshake, and the connection fails. It’s intermittent because your browser only attempts ECH on some connections, not every one.

The tell: if the error hits you on many different sites (not just this one), the cause is squarely that software or hardware on your side. Turning it off — or applying one of the fixes above — resolves it. The site itself is served over standard, valid HTTPS and is reachable from any clean network.