[Conda] Error: CondaSSLError — OpenSSL SSL_connect: Connection reset by peer — How to Fix It

Summary

The CondaSSLError: OpenSSL SSL_connect: Connection reset by peer message means that Conda failed to establish a secure HTTPS connection during the SSL handshake. This typically occurs because of outdated or untrusted certificates, restrictive proxies, or OpenSSL mismatches. Updating Conda’s SSL libraries and certificate packages, or temporarily disabling SSL verification for testing, usually resolves the issue.

Context

Conda relies on the OpenSSL library to perform encrypted communication with package repositories like repo.anaconda.com. During an SSL handshake, both client and server exchange certificates to verify identity. When this process fails — for example, due to expired certificates, proxy interception, or system clock errors — Conda throws an SSL-related error and aborts. This is common on corporate networks or older Conda installations where the bundled OpenSSL or certifi package is outdated.

Probable Cause

  • Outdated or invalid SSL certificates preventing proper handshake.
  • Corporate or university proxy intercepting and re-signing HTTPS traffic.
  • Old OpenSSL version in the base environment.
  • Firewall or VPN blocking access to repo.anaconda.com or mirror servers.
  • Incorrect system date or time invalidating certificate validation.

Quick Fix

Follow these steps to restore secure Conda connectivity:

  1. Update Conda and its certificate packages:
conda update conda
conda install -c anaconda certifi
  1. On Windows, update OpenSSL and CA bundles:
conda update openssl
conda install ca-certificates
  1. If behind a proxy or VPN, configure it explicitly:
conda config --set proxy_servers.http  http://user:pass@proxy:port
conda config --set proxy_servers.https https://user:pass@proxy:port
  1. If the proxy intercepts SSL traffic, disable SSL verification temporarily (⚠️ testing only):
conda config --set ssl_verify no
  1. If disabling SSL fixes the issue, restore verification afterward:
conda config --remove-key ssl_verify
  1. Optionally, use a mirror like conda-forge to bypass restrictive servers:
conda config --add channels conda-forge
  1. Retry your command:
conda install 
# or
conda update --all

Full Example

A user runs: 

conda install numpy

and receives: 

CondaSSLError: OpenSSL SSL_connect: Connection reset by peer

They update Conda and SSL components: 

conda update conda
conda install -c anaconda certifi
conda update openssl

The error persists behind a corporate proxy. Configuring proxy settings resolves it: 

conda config --set proxy_servers.https https://user:pass@proxy:8080

After retrying the installation, Conda connects successfully and completes the operation securely.

Pitfalls & Debug

  • Symptom: Works on personal network but fails at work → Fix: Configure proxy or import trusted root certificate.
  • Symptom: SSL verification off fixes it → Fix: Update certificates, then re-enable SSL.
  • Symptom: Persistent certificate verify failedFix: Install latest ca-certificates package.
  • Symptom: Time-based SSL failure → Fix: Correct system clock before retrying.
  • Symptom: Works in browser but not Conda → Fix: Update Conda and OpenSSL dependencies manually.

Validation & Next Steps

Confirm that SSL connections now succeed: 

openssl version
conda info | grep ssl_verify

Ensure that ssl_verify is set to True and that Conda can reach its repositories without errors. For corporate or restricted environments, request IT to install trusted CA certificates system-wide.

Sources

Anaconda Documentation — Troubleshooting SSL issues
Stack Overflow — “CondaSSLError SSL_connect” proxy and certificate threads
conda-forge Docs — SSL and proxy configuration guide
OpenSSL Wiki — SSL handshake and verification details

Labels: Tool/Conda, OS/Windows-macOS-Linux, Topic/SSL-Network