Why Zoom Workplace Resets Connections on Sequoia
Zoom Workplace (the web version of Zoom for meeting joins and settings) is hosted on Amazon Web Services (AWS) with CloudFront as the CDN layer. The web portal uses TLS 1.3 with ECH for all authenticated sessions. When users access Zoom’s web portal from macOS Safari on networks with SSL inspection, the ISP gateway resets the ECH-enabled ClientHello, causing the TLS handshake to fail.
AWS CloudFront’s TLS configuration does not support TLS 1.2 fallback for authenticated sessions. When the ECH-enabled handshake fails, there is no fallback path and the connection terminates immediately with ERR_CONNECTION_RESET.
Browser Integrity Sync on Zoom’s AWS Infrastructure
Zoom uses browser integrity sync across AWS CloudFront’s global edge network. When the TLS handshake is interrupted, the integrity sync fails, and Zoom’s security layer blocks the user’s session, requiring re-authentication with a complete TLS handshake.
Fixing Zoom Connection Resets
Using Chrome with ECH Flags
Download Chrome → modify the shortcut target to include --disable-ECH. Launch Chrome with this flag and access Zoom’s web portal. The flag forces Chrome to signal TLS 1.2 preference to CloudFront, potentially triggering a TLS 1.2 fallback.
Switching to Firefox with TLS 1.2 Maximum
Download Firefox → navigate to about:config → security.tls.version.max → set to 3 (the value Firefox uses for TLS 1.2). Then access Zoom in Firefox. TLS 1.2 does not require ECH, allowing the handshake to complete through ISP gateways that block ECH.
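An added example, not from the original article: a Python probe that pins the handshake first to TLS 1.3 and then to TLS 1.2 from the affected network and reports which one is reset, which shows whether a TLS 1.2 cap is relevant at all. Python's ssl module does not send ECH, so the TLS 1.3 result is for a handshake without ECH; the default host zoom.us and the verdict labels are assumptions of this example.

```python
import socket
import ssl
import sys

def probe(host, version, port=443, timeout=5.0):
    """Try one handshake pinned to a single TLS version; return (outcome, detail)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # The issuer shows who signed the certificate actually received.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return "untrusted_cert", exc.verify_message
    except (ConnectionResetError, ssl.SSLEOFError) as exc:
        return "reset", str(exc)
    except OSError as exc:  # timeouts, DNS failures, protocol alerts
        return "error", str(exc)

def interpret(tls13, tls12):
    """Map the two probe outcomes to the layer worth checking next (labels are this example's)."""
    if "untrusted_cert" in (tls13, tls12):
        return "inspection_suspected"      # chain signed by a CA Python does not trust
    if tls13 == "ok":
        return "tls13_without_ech_works"   # a browser-only reset points at ECH or browser state
    if tls13 == "reset" and tls12 == "ok":
        return "tls13_reset_on_path"       # the TLS 1.2 cap described above is relevant
    if tls13 == "reset" and tls12 == "reset":
        return "reset_independent_of_version"  # the reset is not tied to the TLS version
    return "inconclusive"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "zoom.us"  # assumed default host
    results = {name: probe(host, ver) for name, ver in
               (("TLS 1.3", ssl.TLSVersion.TLSv1_3), ("TLS 1.2", ssl.TLSVersion.TLSv1_2))}
    for name, (outcome, detail) in results.items():
        print(f"{name}: {outcome} ({detail})")
    print("verdict:", interpret(results["TLS 1.3"][0], results["TLS 1.2"][0]))
```

Run it once on the affected network and once on an unfiltered one; a differing verdict localizes the problem to the first network's path.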
Disabling SSL Inspection for Zoom Domains
Configure your network proxy to bypass Zoom domains. On macOS, navigate to System Settings → Network → Wi-Fi → Details → Proxy. Add *.zoom.us and *.zoomgov.com to the bypass list.
Call to Action
Use the webs.ninja network lab to verify connectivity to Zoom endpoints. The diagnostic identifies whether the reset is caused by your ISP’s gateway, a CloudFront edge node failure, or Zoom’s AWS infrastructure, directing the fix to the correct layer.