Why Target Desktop Resets Connections on Sequoia
Target’s supplier and partner portal is hosted on Google’s cloud infrastructure with Cloudflare as the CDN layer. When partners access the portal from macOS Safari, the TLS 1.3 handshake with ECH can fail because Google’s Cloud Load Balancer configuration does not accept certain ECH cipher suites that Safari’s TLS stack includes in the ClientHello.
The issue is particularly prevalent on shared hosting environments where Target’s backend serves multiple applications from the same load balancer — the TLS configuration may have been optimized for Google Chrome (which has a different cipher suite order than Safari), causing Safari’s handshake to be rejected.
The Role of QUIC and HTTP/3 in Target’s Infrastructure
Target’s Cloudflare configuration enables HTTP/3 (QUIC) by default for supported browsers. QUIC uses a different handshake mechanism that is incompatible with certain ISP gateway configurations. When the ISP gateway cannot parse QUIC packets (which are encrypted at the UDP layer rather than the TCP layer), it drops the packets, causing a connection reset that manifests as ERR_CONNECTION_RESET.
Fixing Target Desktop Connection Resets
Disabling HTTP/3 in Chrome
Download Google Chrome → Settings → Advanced → System → disable Use QUIC protocol. Connect to Target Desktop in Chrome with HTTP/3 disabled — the browser will use HTTP/2 over TCP, which ISP gateways handle reliably. This is the most effective workaround for accessing Target’s portal from regions with legacy ISP infrastructure.
Clearing Browser State and Restarting
Open Safari → Clear History → All History. Then navigate to Safari → Settings → Privacy → Manage Website Data, search for target.com and remove all entries. Restart the Mac and attempt to access Target Desktop in Safari again. The fresh TLS session with a new ClientHello may successfully negotiate a handshake with Cloudflare’s edge nodes if the previous failure was caused by a cached corrupted session ticket.
Call to Action
Before modifying browser settings, run the webs.ninja network lab to test connectivity to Target’s portal endpoints. The diagnostic identifies whether the reset is caused by QUIC blocking, cipher suite incompatibility, or a platform incident, directing your fix to the correct layer.