Understanding Wish Merchant Portal TLS Failures
Wish’s merchant portal is hosted on Google Cloud Platform (GCP) with Cloudflare as the CDN layer in front. When merchants access the portal from macOS Safari, the TLS 1.3 handshake with ECH can fail because Cloudflare’s edge TLS configuration does not support certain ECH cipher suites that Safari’s stack sends by default.
Cloudflare periodically rotates the cipher suites it supports, and macOS Sequoia’s Safari may send a cipher suite that Cloudflare’s current configuration does not accept, resulting in a handshake failure and connection reset. This is a compatibility issue between Cloudflare’s edge TLS configuration and Apple’s TLS 1.3 implementation.
Why Cipher Suite Mismatches Cause Connection Resets
TLS 1.3 cipher suites are negotiated during the handshake — the client offers its supported cipher suites, and the server selects one it supports. If Safari offers a cipher suite that Cloudflare does not accept (for example, due to Cloudflare’s current security policy rejecting certain elliptic curves), Cloudflare responds with a fatal alert and terminates the connection, resulting in ERR_CONNECTION_RESET.
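The selection step described above, as an added example (not code from Wish, Cloudflare or Apple): it parses a constructed ClientHello, applies server-preference selection, and returns the fatal handshake_failure alert (40, RFC 8446) when there is no overlap. It goes slightly beyond the text by checking named groups separately from cipher suites, since TLS 1.3 carries curves in the supported_groups extension; the function names and the sample offers are assumptions made for illustration.

```python
import struct

# TLS 1.3 code points from RFC 8446; the names are used only for reporting.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0x1303: "TLS_CHACHA20_POLY1305_SHA256"}
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}
HANDSHAKE_FAILURE = 40  # fatal alert description

def build_client_hello(suites, groups):
    """Build a constructed sample ClientHello (handshake message, no record header)."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HHH", 10, len(glist) + 2, len(glist)) + glist  # supported_groups
    slist = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # legacy_version, random, empty session id
            + struct.pack("!H", len(slist)) + slist
            + b"\x01\x00"                           # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (cipher_suites, supported_groups) offered in a ClientHello."""
    if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                                # skip header, version, random
    pos += 1 + msg[pos]                             # skip session id
    n = struct.unpack_from("!H", msg, pos)[0]
    suites = list(struct.unpack_from(f"!{n // 2}H", msg, pos + 2))
    pos += 2 + n
    pos += 1 + msg[pos]                             # skip compression methods
    end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
    pos += 2
    groups = []
    while pos + 4 <= end:                           # walk the extension list
        etype, elen = struct.unpack_from("!HH", msg, pos)
        if etype == 10:                             # supported_groups
            glen = struct.unpack_from("!H", msg, pos + 4)[0]
            groups = list(struct.unpack_from(f"!{glen // 2}H", msg, pos + 6))
        pos += 4 + elen
    return suites, groups

def server_select(msg, server_suites, server_groups):
    """Pick by server preference; no overlap in either list yields a fatal alert."""
    suites, groups = parse_client_hello(msg)
    suite = next((s for s in server_suites if s in suites), None)
    group = next((g for g in server_groups if g in groups), None)
    if suite is None or group is None:
        return {"alert": HANDSHAKE_FAILURE, "missing": "cipher suite" if suite is None else "group"}
    return {"suite": SUITES.get(suite, hex(suite)), "group": GROUPS.get(group, hex(group))}
```

When comparing against a real capture, the same two lists are what to read out of the client's ClientHello before concluding which side changed.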
Fixing Wish Merchant Portal Connection Resets
Using Chrome with TLS 1.3 Disabled as Workaround
Chrome on macOS allows disabling TLS 1.3 via a command-line flag. Right-click the Chrome shortcut → Properties → Target, and append --tls-max-version=1.2. This forces Chrome to use TLS 1.2, which does not involve ECH or modern cipher suite negotiation. The handshake then uses cipher suites that Cloudflare’s current configuration fully supports, resolving the connection reset.
Clearing Cloudflare Cache for Wish Merchant Portal
If the cipher suite issue is specific to a cached Cloudflare configuration, clearing the cache may resolve it. There is no merchant-level Cloudflare cache purge tool, but you can force a fresh TLS handshake by clearing all browser data (Safari → Clear History → All History) and restarting Safari. The new session will perform a fresh TLS 1.3 negotiation with Cloudflare’s current cipher suite configuration.
Verifying Wish Platform Status
Before applying browser-level fixes, check the Wish status page to confirm whether the merchant portal is experiencing an active incident. Search “is the platform down right now” for Wish — if the platform is down, the connection reset is infrastructure-driven and no client-side fix will resolve it until Wish’s engineering team restores normal operation.
Call to Action
Use the webs.ninja network lab to run a TLS handshake diagnostic for Wish’s merchant portal. The diagnostic identifies the specific cipher suite that caused the handshake failure, allowing you to determine whether the issue is a Cloudflare configuration change or a local browser cipher suite preference. If the diagnostic shows a cipher mismatch, use Chrome with TLS 1.2 forced as described above.