Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
Stuck For Seconds On This Message? Try These Fixes.
NOTE: For a more general guide on fixing the TLS handshake failed error, try this.
Down in the lower-left corner of Firefox lives the Status Bar. This is the small grey box that appears when a page is loading or when you hover over a link.
A lot of messages appear in that bar – most flash by so quick you may never have seen them. Each one tells you what Firefox is doing to fetch and render the page for you.
You may have noticed Firefox getting stuck on a particular step: “Performing a TLS handshake.”
The TLS handshake is the process your browser performs to create an HTTPS connection. This should only take a fraction of a second – but in some cases in can drag on for seconds.
Taking a Closer Look at the SSL/TLS Handshake
There’s a lot going on underneath the hood when you connect to a website via HTTPS. First and foremost, everyone needs to… shake hands?!
If you are frequently noticing that this step takes upwards of 5 seconds, there is likely something wrong. Here are a few ways to troubleshoot the issue:
Create a New Profile
The first thing to try is creating a new Firefox profile. When you use Firefox, all your personalized settings are connected to a specific profile. Your profile data could include misconfigured options or errant data that cause uncommon and hard-to-track-down bugs.
Starting here is easy and will help isolate if the issue is related to Firefox’s settings, or originating elsewhere.
First, open a new tab and paste about:profiles into the address bar and hit enter. This will open the Profile Manager.
Click “Create a New Profile” and follow the wizard. Click “Set as default profile” and then close and relaunch Firefox.
Try visiting a few sites which have stalled on the “performing a TLS handshake” status. If they load normally now, you know the issue is your Firefox profile (instead of with the website itself or your connection to the internet).
You can try to troubleshoot your original profile (remember to switch back to it using the Profile Manager), however isolating the issue will be difficult (check if you have a proxy connection configured, and try disabling your add-ons) and it may be due to corrupted data in the profile, which cannot be easily repaired.
Instead, you may want to transfer your important data to the new profile you created.
There is also a small chance the cause is related to self-signed certificates. If you are a developer, or using interval/private websites, check this next solution:
Self-Signed Certificates With Identical Subject/Issuer Information
If this issue is affecting sites using self-signed certificates, then you may be encountering a problem with the way Firefox parses SSL certificates.
Note that if you are experiencing this issue on everyday sites such as Google.com, Facebook.com, or Amazon.com, this is not the cause of your issue. This will mainly affect developers and users of internal/private sites and services.
If you are experiencing slow handshakes on a site with self-signed certificates, where the certificate has been replaced multiple times with new certificates that all have identical Subject/Issuer information (all the info in the “Issuer” and “Subject” fields is the same across certs), Firefox will eventually choke due to the number of possible path-building combinations.
An example of this would be a service which generates a new certificate for “localdomain.test” everytime it is restarted, which you visit multiple times and accept the self-signed certificate. After doing this a number of times, Firefox will have stored all these certificates in its local database and check them all against these other in an attempt to see if there is a valid path.
Following the steps above to create a new profile will resolve this issue temporarily. To confirm this is the cause, switch back to your affected profile (using the steps above), and then open the Profile folder in your operating system’s file explorer.
An easy way to do this is to browse to about:support and then click the Open Folder button for the Profile Folder. Locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) so that Firefox replaces it. Restart the browser and try visiting an affected site again. If the page loads normally, you have confirmed the issue is related to the local certificate database storing too many self-signed certificates with the same name.
Firefox starts to noticeably slow down after storing 7-8 identically named self-signed certificates. After storing 10 it slows down significantly and can hang on “Performing a TLS handshake” for 30 seconds or more. If it takes a while for you to accumulate this number of identical certificates, it may be workable to just repeat this process every few months. Otherwise, you will want to adjust the way your service generates new certificates so that they do not have identical information.
Wait it out
If you suddenly started experiencing this problem, it may be related to temporary network issues. If all HTTPS connection are suddenly loading slow, it’s possible your ISP is having connectivity issues. If it is only certain sites, than the issue may be related to revocation checking, part of the TLS handshake that requires a connection to third-party servers.
If the issue resolves itself within a day, this was likely the problem.
Still Not Fixed?
The problem with this “Performing TLS handshake” message is that it’s very vague. Anything from a misconfigured VPN to your operating system could be the cause.
If you are still plagued by this problem, you will want to log your HTTP traffic. This will provide detailed information needed to debug the problem. If you get this far – please write a comment below so we can help take a look into your specific issue.
Re-Hashed is a regular feature where we take an older post that our newer readers may not have seen, touch it up and give it a second life. This week we talked about clearing an annoying TLS error in Firefox.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown