Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 3.00 out of 5)
Loading...

Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message

Stuck For Seconds On This Message? Try These Fixes.

Down in the lower-left corner of Firefox lives the Status Bar. This is the small grey box that appears when a page is loading or when you hover over a link.

Firefox TLS Handshake

A lot of messages appear in that bar – most flash by so quick you may never have seen them. Each one tells you what Firefox is doing to fetch and render the page for you.

You may have noticed Firefox getting stuck on a particular step: “Performing a TLS handshake.”

Firefox TLS Handshake

The TLS handshake is the process your browser performs to create an HTTPS connection. This should only take a fraction of a second – but in some cases in can drag on for seconds.

If you are frequently noticing that this step takes upwards of 5 seconds, there is likely something wrong. Here are a few ways to troubleshoot the issue:

Create a New Profile

The first thing to try is creating a new Firefox profile. When you use Firefox, all your personalized settings are connected to a specific profile. Your profile data could include misconfigured options or errant data that cause uncommon and hard-to-track-down bugs.

Starting here is easy and will help isolate if the issue is related to Firefox’s settings, or originating elsewhere.

First, open a new tab and paste about:profiles into the address bar and hit enter. This will open the Profile Manager.

Click Create a New Profile and follow the wizard. Click Set as default profile and then close and relaunch Firefox.

Firefox TLS Handshake

Try visiting a few sites which have stalled on the “performing a TLS handshake” status. If they load normally now, you know the issue is your Firefox profile (instead of with the website itself or your connection to the internet).

You can try to troubleshoot your original profile (remember to switch back to it using the Profile Manager), however isolating the issue will be difficult (check if you have a proxy connection configured, and try disabling your add-ons) and it may be due to corrupted data in the profile, which cannot be easily repaired.

Instead, you may want to transfer your important data to the new profile you created.

There is also a small chance the cause is related to self-signed certificates. If you are a developer, or using interval/private websites, check this next solution:

Self-Signed Certificates With Identical Subject/Issuer Information

If this issue is affecting sites using self-signed certificates, then you may be encountering a problem with the way Firefox parses SSL certificates.

Note that if you are experiencing this issue on everyday sites such as Google.com, Facebook.com, or Amazon.com, this is not the cause of your issue. This will mainly affect developers and users of internal/private sites and services.

If you are experiencing slow handshakes on a site with self-signed certificates, where the certificate has been replaced multiple times with new certificates that all have identical Subject/Issuer information (all the info in the “Issuer” and “Subject” fields is the same across certs), Firefox will eventually choke due to the number of possible path-building combinations.

An example of this would be a service which generates a new certificate for “localdomain.test” everytime it is restarted, which you visit multiple times and accept the self-signed certificate. After doing this a number of times, Firefox will have stored all these certificates in its local database and check them all against these other in an attempt to see if there is a valid path.

Following the steps above to create a new profile will resolve this issue temporarily. To confirm this is the cause, switch back to your affected profile (using the steps above), and then open the Profile folder in your operating system’s file explorer.

An easy way to do this is to browse to about:support and then click the Open Folder button for the Profile Folder. Locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) so that Firefox replaces it. Restart the browser and try visiting an affected site again. If the page loads normally, you have confirmed the issue is related to the local certificate database storing too many self-signed certificates with the same name.

Firefox starts to noticeably slow down after storing 7-8 identically named self-signed certificates. After storing 10 it slows down significantly and can hang on “Performing a TLS handshake” for 30 seconds or more. If it takes a while for you to accumulate this number of identical certificates, it may be workable to just repeat this process every few months. Otherwise, you will want to adjust the way your service generates new certificates so that they do not have identical information.

Wait it out

If you suddenly started experiencing this problem, it may be related to temporary network issues. If all HTTPS connection are suddenly loading slow, it’s possible your ISP is having connectivity issues. If it is only certain sites, than the issue may be related to revocation checking, part of the TLS handshake that requires a connection to third-party servers.

If the issue resolves itself within a day, this was likely the problem.

Still Not Fixed?

The problem with this “Performing TLS handshake” message is that it’s very vague. Anything from a misconfigured VPN to your operating system could be the cause.

If you are still plagued by this problem, you will want to log your HTTP traffic. This will provide detailed information needed to debug the problem. If you get this far – please write a comment below so we can help take a look into your specific issue.


Re-Hashed is a regular feature where we take an older post that our newer readers may not have seen, touch it up and give it a second life. This week we talked about clearing an annoying TLS error in Firefox.

22 comments
  • I am not a computer wiz. I followed the first part and it did not work. I am afraid of the ‘log your HTTP traffic’ instructions.

  • When I use ssh proxy server, my firefox times out on “Performing a TLS‌ Handshake on …” even on facebook and youtube.
    But if I use VPN‌ to same server it opens them without any problem! I couldn’t find the reason.

  • I found the solution:
    After using firefox own settings for proxy, and filling the all parts except “SSL Proxy” in firefox manual proxy configuration, the problem disappeared.

  • That didn’t work. It still stalls for several hours trying to load yahoo.com, showing the “TLS handshake”. And now with a new Firefox user profile, I have lost hundreds of bookmarks.

  • i have found mysef lost in the world of pc’s and network. Run into a “Performing TSL handshake to…..”
    and after 3hours of trying different suggestions from various forums such as changing firefox profile, and locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) have been done with no effect.
    Its a mystery to me and don’t understand how this handshake is able to hang up in an eternal cycle in firefox and in Chrome i get the error message ERR_TIMED_OUT where other devises work fine with the same wifi network. and firefox…

  • I just got ff the phone with a friend who was experiencing the same issue, and the problem disappeared when I had her reset her modem/router, by disconnecting the power from it for one minute, and plugging it back in. I had her shut down the computer prior to the reset.
    Just putting this out there…

  • This happens to me at completely random times. Sometimes while I’m in the middle of a youtube video, sometimes while just trying to load a page. I’ve found restarting my computer clears whatever error is going on and I’m able to surf again (at least for a little while until it decides to stop again).

  • I have had this problem twice, and in each case it was solved by removing and then re-installing Avast antivirus software. Don’t know why it works, but it does!

  • TLS handshake issues occurring AFTER the new Firefox update. Firefox claims to be faster, but is running slower than ever. Issue with website does NOT occur in private window mode, only in regular mode if that helps

  • I have this problem many times a day, usually every 40 minutes or so. It’s deeply annoying. The ISP blames the computer, the computer company (it’s a new PC) blames the ISP, it’s a hellhole. ALmost enough to send me back to ink and paper.

  • The problem occures since this bloody Firefox 57 Quantum. Never before.
    Whenever these mozilla people bring out a new version, something does not work.
    This time it´s the handshake problem.

    The best way to avoid this is using a better browser such as crome.

    All the solutions above do _not_ solve the problem.

  • Klaus,
    this is not unique problem to Firefox only. I use Firefox and Tor regularly. To test “TLS Handshake” problem I also installed IE and Chrome. Guess what? Sites which gave me a this problem in Firefox also did it in IE and Chrome. Only message was different (unable to load; timed out or so…). Only Tor manage to go thru in all sites – bat Tor can’t access/is banned by Google. So, I’m stuck with switching between Tor and Firefox in daily usge. All in all it looks to me as some bug in TLS protocol itself…

  • Keep in mind guys, this problem exists because of the ISP software that is in place to censor websites. Now that the FCC has passed the “no freenet bill” the ISPs can now prevent websites from getting to you. You can clearly see this happening more and more as time goes on and the ISPs are all testing out new censorship software. “Censorship software” is just a laymens way of saying that the ISP are getting ready for when this bill goes through congress. This has already happened with Netflix vs Verizon. It’s why Netflix is now paying Verizon just so Verizon customers can see netflix. This is just one example. But It’s why this bill needs to be denied through congress.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *

Author

Vincent Lynch

The SSL Store’s encryption expert makes even the most complex topics approachable and relatable.