Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 3.00 out of 5)
Loading...

Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message

Stuck For Seconds On This Message? Try These Fixes.

NOTE: For a more general guide on fixing the TLS handshake failed error, try this.

Down in the lower-left corner of Firefox lives the Status Bar. This is the small grey box that appears when a page is loading or when you hover over a link.

Firefox TLS Handshake

A lot of messages appear in that bar – most flash by so quick you may never have seen them. Each one tells you what Firefox is doing to fetch and render the page for you.

You may have noticed Firefox getting stuck on a particular step: “Performing a TLS handshake.”

Firefox TLS Handshake

The TLS handshake is the process your browser performs to create an HTTPS connection. This should only take a fraction of a second – but in some cases in can drag on for seconds.

If you are frequently noticing that this step takes upwards of 5 seconds, there is likely something wrong. Here are a few ways to troubleshoot the issue:

Create a New Profile

The first thing to try is creating a new Firefox profile. When you use Firefox, all your personalized settings are connected to a specific profile. Your profile data could include misconfigured options or errant data that cause uncommon and hard-to-track-down bugs.

Starting here is easy and will help isolate if the issue is related to Firefox’s settings, or originating elsewhere.

First, open a new tab and paste about:profiles into the address bar and hit enter. This will open the Profile Manager.

Click Create a New Profile and follow the wizard. Click Set as default profile and then close and relaunch Firefox.

Firefox TLS Handshake

Try visiting a few sites which have stalled on the “performing a TLS handshake” status. If they load normally now, you know the issue is your Firefox profile (instead of with the website itself or your connection to the internet).

You can try to troubleshoot your original profile (remember to switch back to it using the Profile Manager), however isolating the issue will be difficult (check if you have a proxy connection configured, and try disabling your add-ons) and it may be due to corrupted data in the profile, which cannot be easily repaired.

Instead, you may want to transfer your important data to the new profile you created.

There is also a small chance the cause is related to self-signed certificates. If you are a developer, or using interval/private websites, check this next solution:

Self-Signed Certificates With Identical Subject/Issuer Information

If this issue is affecting sites using self-signed certificates, then you may be encountering a problem with the way Firefox parses SSL certificates.

Note that if you are experiencing this issue on everyday sites such as Google.com, Facebook.com, or Amazon.com, this is not the cause of your issue. This will mainly affect developers and users of internal/private sites and services.

If you are experiencing slow handshakes on a site with self-signed certificates, where the certificate has been replaced multiple times with new certificates that all have identical Subject/Issuer information (all the info in the “Issuer” and “Subject” fields is the same across certs), Firefox will eventually choke due to the number of possible path-building combinations.

An example of this would be a service which generates a new certificate for “localdomain.test” everytime it is restarted, which you visit multiple times and accept the self-signed certificate. After doing this a number of times, Firefox will have stored all these certificates in its local database and check them all against these other in an attempt to see if there is a valid path.

Following the steps above to create a new profile will resolve this issue temporarily. To confirm this is the cause, switch back to your affected profile (using the steps above), and then open the Profile folder in your operating system’s file explorer.

An easy way to do this is to browse to about:support and then click the Open Folder button for the Profile Folder. Locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) so that Firefox replaces it. Restart the browser and try visiting an affected site again. If the page loads normally, you have confirmed the issue is related to the local certificate database storing too many self-signed certificates with the same name.

Firefox starts to noticeably slow down after storing 7-8 identically named self-signed certificates. After storing 10 it slows down significantly and can hang on “Performing a TLS handshake” for 30 seconds or more. If it takes a while for you to accumulate this number of identical certificates, it may be workable to just repeat this process every few months. Otherwise, you will want to adjust the way your service generates new certificates so that they do not have identical information.

Wait it out

If you suddenly started experiencing this problem, it may be related to temporary network issues. If all HTTPS connection are suddenly loading slow, it’s possible your ISP is having connectivity issues. If it is only certain sites, than the issue may be related to revocation checking, part of the TLS handshake that requires a connection to third-party servers.

If the issue resolves itself within a day, this was likely the problem.

Still Not Fixed?

The problem with this “Performing TLS handshake” message is that it’s very vague. Anything from a misconfigured VPN to your operating system could be the cause.

If you are still plagued by this problem, you will want to log your HTTP traffic. This will provide detailed information needed to debug the problem. If you get this far – please write a comment below so we can help take a look into your specific issue.


Re-Hashed is a regular feature where we take an older post that our newer readers may not have seen, touch it up and give it a second life. This week we talked about clearing an annoying TLS error in Firefox.

71 comments
  • I am not a computer wiz. I followed the first part and it did not work. I am afraid of the ‘log your HTTP traffic’ instructions.

    • I rebooted the computer…. no help…. i shut down the router…. no help…. i deleted Spotify which was a recent install…. problem cleared up.

    • I am simply going to find a different solution for internet access, I am TIRED of screwing with Firefox and trying to fix all the problems with it being slower than snot dripping!

    • Close Firefox. Make sure you only have 1 profile (default) in C:Users\AppDataRoamingMozillaFirefoxProfiles backup and delete the rest. Open your profile delete all data stored in cache2 folder and the rest of cache folders. Restart firefox and try the page again.

  • When I use ssh proxy server, my firefox times out on “Performing a TLS‌ Handshake on …” even on facebook and youtube.
    But if I use VPN‌ to same server it opens them without any problem! I couldn’t find the reason.

  • I found the solution:
    After using firefox own settings for proxy, and filling the all parts except “SSL Proxy” in firefox manual proxy configuration, the problem disappeared.

  • That didn’t work. It still stalls for several hours trying to load yahoo.com, showing the “TLS handshake”. And now with a new Firefox user profile, I have lost hundreds of bookmarks.

  • i have found mysef lost in the world of pc’s and network. Run into a “Performing TSL handshake to…..”
    and after 3hours of trying different suggestions from various forums such as changing firefox profile, and locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) have been done with no effect.
    Its a mystery to me and don’t understand how this handshake is able to hang up in an eternal cycle in firefox and in Chrome i get the error message ERR_TIMED_OUT where other devises work fine with the same wifi network. and firefox…

  • I just got ff the phone with a friend who was experiencing the same issue, and the problem disappeared when I had her reset her modem/router, by disconnecting the power from it for one minute, and plugging it back in. I had her shut down the computer prior to the reset.
    Just putting this out there…

  • This happens to me at completely random times. Sometimes while I’m in the middle of a youtube video, sometimes while just trying to load a page. I’ve found restarting my computer clears whatever error is going on and I’m able to surf again (at least for a little while until it decides to stop again).

  • I have had this problem twice, and in each case it was solved by removing and then re-installing Avast antivirus software. Don’t know why it works, but it does!

  • TLS handshake issues occurring AFTER the new Firefox update. Firefox claims to be faster, but is running slower than ever. Issue with website does NOT occur in private window mode, only in regular mode if that helps

  • I have this problem many times a day, usually every 40 minutes or so. It’s deeply annoying. The ISP blames the computer, the computer company (it’s a new PC) blames the ISP, it’s a hellhole. ALmost enough to send me back to ink and paper.

    • lol@ink and paper. For sure something is to blame and it is annoying that Mozilla are unable to nail it down to any particular thing. What is apparent is that so many people are experiencing the same issue about slowing internet while using Firefox. Lets hope it gets remedied before the next lot of updates.

  • The problem occures since this bloody Firefox 57 Quantum. Never before.
    Whenever these mozilla people bring out a new version, something does not work.
    This time it´s the handshake problem.

    The best way to avoid this is using a better browser such as crome.

    All the solutions above do _not_ solve the problem.

  • Klaus,
    this is not unique problem to Firefox only. I use Firefox and Tor regularly. To test “TLS Handshake” problem I also installed IE and Chrome. Guess what? Sites which gave me a this problem in Firefox also did it in IE and Chrome. Only message was different (unable to load; timed out or so…). Only Tor manage to go thru in all sites – bat Tor can’t access/is banned by Google. So, I’m stuck with switching between Tor and Firefox in daily usge. All in all it looks to me as some bug in TLS protocol itself…

  • Keep in mind guys, this problem exists because of the ISP software that is in place to censor websites. Now that the FCC has passed the “no freenet bill” the ISPs can now prevent websites from getting to you. You can clearly see this happening more and more as time goes on and the ISPs are all testing out new censorship software. “Censorship software” is just a laymens way of saying that the ISP are getting ready for when this bill goes through congress. This has already happened with Netflix vs Verizon. It’s why Netflix is now paying Verizon just so Verizon customers can see netflix. This is just one example. But It’s why this bill needs to be denied through congress.

  • I’ve had the same problem (TLS Handshake). Not only with Firefox, but also with the other browsers.
    In my case, it was the crappy software of my Killer networkcard. I removed the Killer suite and installed only the drivers (INF-package).

  • My thanks to Dee Worth (Oct 28 above): for many weeks I’ve had trouble with browser stalling/handshaking/waiting/failing to connect etc. After switching my router off & on: no further problem!

  • My problem was easy to fix. Before I did all the profile changes I just disabled all my Add-Ons in Quantum and started adding them back one by one. My issue with the TLS stall was solved when I disabled Pushbullet, the desktop text message add-on. I sent them an email about any resolution they might have because I like using it but will take it off my computer if it screws up so many other sites.

  • I’ve been having this problem for a few months now on my Win 10 gaming machine, and it has affected loading of websites in FF, IE, Edge and Chrome.

    I happened upon a clue as to what might be happening on my machine (but can’t remember now where I found the clue!) – those with a Killer Networking Adapter and are also using the Killer Performance Suite and are having this problem are advised to try to delete the Performance Suite software and install only the adapter drivers. This worked for me.

    So, follow instructions here:

    https://www.killernetworking.com/driver-downloads/kb/faq/10-installing-drivers-device-manager

    making sure you download the driver BEFORE you uninstall the Killer software (uh, duh, I didn’t :(…)

    This solved the problem for me!

  • Firefox hangs when performing a TLS handshake to images-na.ssl-images-amazon.com
    The connection times out and no images load. I disabled ublock in case a blocklist setting was bad but it had no effect. Then I thought it was an ISP net neutrality problem. Read more and found out that Mozilla is having issues with Symantec certificates. https://wiki.mozilla.org/CA:Symantec_Issues

  • I have the same issue. This is caused by my hostfile and dns blackhole server, ‘blocking’ certain domain names. Because these names are resolved to 127.0.0.1 (the local machine) the TLS handshake is never completed.

  • I don’t understand why, when loading a page that’s completely unrelated to Facebook, I see the message “performing TLS handshake to Facebook.” All pages are taking longer to load, often pausing after loading part of the page.

  • Created new Firefox Profile and STILL have this TLS Handshake issue – doesn’t matter WHICH site I try to get to. Funny thing is, it’s only happening on my PC; not my laptop. PC had to have Windows 10 completely re-installed yesterday because Microsoft Remote Online “Help” buggered it up so badly. (Do not use them – chances are you going to end up chatting with someone who knows less about computers than you do). I going to comb through all the messages above and see if something else works for me. Creating a new Firefox Profile didn’t help at all.

  • Thanks to all who suggested rebooting the router. After hours of troubleshooting every suggestion I could find, simply rebooting the router worked! 🙂

  • Just for the hell of it I installed Firefox 57.0.4 and this made no difference. Still got the same problem.
    Switched off the router, switched it back on, still got the same problem (which figures).
    I’m happy to try most solutions except delete my profile.

  • “If you are still plagued by this problem, you will want to log your HTTP traffic.” Impossible to do so – the Start Logging button is greyed out. Nothing on that page is configurable. Using the Web Console’s Network debugger gave me no information that I didn’t know already, i.e. time-out on TLS handhake… this is all appearing to be a futile waste of time and I should just stick to opening that site in another browser.

  • I created a new profile and made it a default (as advised), but when I restarted Firefox (59.0.2), nothing worked at all, and I even got “The owner of support.mozilla.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.” Needless to say, I reverted to my old profile. So I’m back to my original problem.

  • I have the same problem quite often, but not always. I can’t open certain websites sometimes. It’s mainly taobao.com – can’t open on Chrome, FF and Edge. So it’s related to a specific browser. Tried a lot of things.

    Today first time tried a router reboot – and it worked!

    Sometimes the most easy solutions are hard to find.

  • I did not see the “Performing a TLS handshake” message until one of the recent updates, maybe version 58, or 57. Maybe it’s my imagination, but it seems like some of those processes that display in the Status Bar cause a bit more delay in downloading web pages – not that I have seen the “TLS handshake” message for more than a fraction of a second, maybe a full second at most.

  • I have this problem in all my network. Basically, I have some computer behind a Server, which have Firewall (IPTABLES) and Proxy (Squid3 – Transparent Mode) roles. The first time that I deployed this server, I only got trouble with Twitter: the page was not loading correctly and there were components (images, css, etc.) that were loaded via an specific host (abs.twimg.com). And now, seems like YouTube has changed something on its infrastructure, that the same thing started to happen: the Thumbs from YouTube videos and probably CSSs are not loading, and I have a blank page. The same applies to Pinterest…

    I decided to use the Network Logger from Firefox (about:network) and I got some stuff, but nothing very clear…

    2018-04-10 19:26:31.811328 UTC – [Main Thread]: D/cache2 CacheFileMetadata::SetElement() [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_core.bundle.css, value=0x7f8c4a7dd7e8]
    2018-04-10 19:26:31.811331 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key not found [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_core.bundle.css%5D
    2018-04-10 19:26:31.811381 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key found [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/%5D
    2018-04-10 19:26:31.811398 UTC – [Main Thread]: D/cache2 CacheFileMetadata::SetElement() [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/, value=0x7f8c4a7dd828]
    2018-04-10 19:26:31.811402 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key found [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/%5D
    2018-04-10 19:26:31.811799 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key not found [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_more_1.bundle.css%5D
    2018-04-10 19:26:31.811819 UTC – [Main Thread]: D/cache2 CacheFileMetadata::SetElement() [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_more_1.bundle.css, value=0x7f8c4a7dd808]
    2018-04-10 19:26:31.811823 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key not found [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_more_1.bundle.css%5D
    2018-04-10 19:26:31.811876 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key found [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/%5D
    2018-04-10 19:26:31.811890 UTC – [Main Thread]: D/cache2 CacheFileMetadata::SetElement() [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/, value=0x7f8c4a7dd848]
    2018-04-10 19:26:31.811894 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key found [this=0x7f8c4059b580, key=predictor::https://abs.twimg.com/%5D
    2018-04-10 19:26:31.811982 UTC – [Main Thread]: D/cache2 CacheFileMetadata::GetElement() – Key not found [this=0x7f8c3ec42e80, key=predictor::https://abs.twimg.com/a/1523337269/css/t1/nightmode_twitter_more_2.bundle.css%5D

    Anyone has any idea? Something is missing in my Firewall, in order to allow these TLS connections to be established normally, fitting with the changes that happened on Youtube and Twitter platforms..

    Thanks 🙁

  • in firefox 58, if you go to about:config in your browser and search for the network.proxy.proxy_over_tls entry and click it to make it false, it fixes it.

  • after deleting the cert8 and cert9 (if it is there) from C:\Users\%username%\AppData\Roaming\Mozilla\Firefox\Profiles\

  • It has been suggested to disable IPv6. I did it in FF and it certainly helped.

    about:config, search for IPv6

    network.dns.disableIPv6 toggle to true
    network.notify.IPv6 toggle to true

  • I have the same problem and it doesn’t matter if I use Chrome or Firefox. I’ve done everything from reboot/unplug modem, macbook, create new default profile in Firefox, disable add-ons, etc.

  • I’ve just moved houses and got a new router. Firefox TLS’d after a few hours of use. After fidling with the profiles and getting nowhere I disabled Avast and it all works like a charm. Now I need to either sort out some rule exclusions inside the antivirus or change it completely.

  • Having Antivirus that scans SSL connections (with MITM certificate) like Avast can also slows SSL handshake.

  • I had the same problem, I resolved my issue by disabling the HTTPS check in NOD32 Antivirus. This problem is annoying but fixable.

  • I have a slight twist on this issue. I am using FF. Win 10. I had this on a previous win 7 build also.
    I search for something in firefox, and it hangs. No error message, no result. just a white screen. If i type http://www.google.de, it instantly opens google.de and i can search for the same term without any issue. I can also go to other URLs if i type out their name or from bookmarks. I did the http logging and have the file. its 35mb. This is my work pc and it goes via vpn through the Deutsche Telekom network. The funny thing is that this is not consistent. For long period google.com will be fine. And then sometimes not. It would be great to understand this.
    Thanks

  • The latest versions of Firefox, Chrome & Edge all fail to load various (though not all) secure sites. ( https://www.bbc.co.uk/news, for example). In Firefox, I can see failure occurs while displaying the “Performing a TLS handshake” message. I’ve tried reinstalling Chrome, turning off Norton Internet Security, resetting cable modem & router, everything I can think of. Nothing works. I have Windows 10, 64 bit. Mine is the only computer in the house with the problem, which started happening 2 days ago. I’ve worked in the computer field for 30 years, but this one has me stumped.

  • I had a sudden, brief power outage and got the handshake msg when trying to access Yahoo on Firefox and Internet Explorer. But since I had battery backup it didn’t occur to me to try rebooting my wireless router. I spent five hours troubleshooting the problem to no avail. I just rebooted my server as suggested by posters above and the problem went away. I agree that sometimes the simplest solutions are best.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *

Author

Vincent Lynch

The SSL Store’s encryption expert makes even the most complex topics approachable and relatable.