Firefox is one of the major web browsers in the market today. It was released in 2002 and has since grown into a powerful and stable browser for Windows, macOS, Linux, and other major operating systems. Firefox is also available for Android and iOS devices.
However, some users have recently reported being stuck at what’s known as the TLS Handshake phase when accessing a website via Firefox. Whenever users type in a website in the address bar, the page fails to load because the TLS Handshake has failed. The TLS Handshake should only take a couple of seconds, not minutes, to process. If you’re stuck at this stage or if the handshake takes more than five seconds, then something’s wrong with your browser.
This guide will explain what the TLS Handshake is and what to do when you encounter the failed TLS Handshake issue.
What Is TLS Handshake?
The Transport Layer Security (TLS) Handshake Protocol is used whenever authentication and key exchange are required to start or resume secure sessions. The TLS Handshake Protocol deals with cipher negotiation, authentication of the server and the client, and session key information exchange.
TLS Handshakes look simple on the surface, but the process is actually composed of these complicated steps:
- The client (your browser) sends a Client Hello message to the server, together with the client’s random value and cipher suites.
- The server replies with a Server Hello message and its own random value.
- The server then sends its certificate to the client for authentication, and may ask for a certificate from the client as well. Then the server sends a Server hello done notification.
- The client sends the certificate if the server requested one.
- The client sends a random Pre-Master Secret to the server, and both of them generate the Master Secret and session keys.
- The client sends a Change cipher spec message, then a Client finished notification.
- The server receives the Change cipher spec message, then switches to symmetric encryption. Next, the server sends a Server finished notification to the client.
- A secure channel has now been established between client and server, through which they can exchange data.
Given the number of exchanges between the server and the client, plenty can go wrong in the process. A single incorrect browser configuration or missing website certificate, for instance, can cause the whole TLS Handshake process to fail.
What Causes TLS Handshake Failure?
Recently, several Firefox users reported that they are experiencing TLS Handshake failure whenever they use the browser to access websites. For some users, the problem is isolated to specific websites, while others are encountering the error across all websites. In some cases, the page loads eventually after being stuck at the TLS Handshake phase. Most of the time, though, the page is just stuck there and the screen turns either white or black.
Here are some common causes of TLS Handshake errors:
- Incorrect System Time – This means that your computer’s time and date configuration is incorrect.
- Mismatched Protocol – The protocol being used by your browser is not supported by the server.
- Browser Error – One of the browser settings is causing the error.
- Third Party – A third party is intercepting, manipulating, or interfering with the connection.
- Cipher Suite Mismatch – The server does not support the Cipher Suite used by the client.
- Incorrect Certificate – This could be caused by an incomplete or invalid certificate, an incorrect URL host name, a revoked or expired SSL/TLS certificate, or a path-building error in self-signed certificates.
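To see what the Mismatched Protocol and Cipher Suite Mismatch causes mean at the byte level, the following added example (not from the original guide) captures a real Client Hello in memory, parses the versions and cipher suites it offers, and compares them with a server policy. The host name `intranet.example` and the server policies are constructed for illustration.

```python
import ssl
import struct

def capture_client_hello() -> bytes:
    """Produce a real Client Hello into an in-memory buffer; no network is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # typical modern-client floor
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="intranet.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a Server Hello
    return outgoing.read()

def parse_client_hello(record: bytes) -> dict:
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a Client Hello")
    pos = 9  # 5-byte record header + 4-byte handshake header
    legacy_version = struct.unpack_from("!H", record, pos)[0]
    random = record[pos + 2:pos + 34]
    pos += 34
    pos += 1 + record[pos]  # skip the session id
    n = struct.unpack_from("!H", record, pos)[0]
    suites = set(struct.unpack_from(f"!{n // 2}H", record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]  # skip compression methods
    versions = {legacy_version}
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        if ext_type == 43:  # supported_versions replaces the legacy version field
            count = record[pos + 4] // 2
            versions = set(struct.unpack_from(f"!{count}H", record, pos + 5))
        pos += 4 + ext_len
    return {"random": random, "versions": versions, "cipher_suites": suites}

def diagnose(hello: dict, server_versions: set, server_suites: set) -> str:
    """Name the cause from the list above that a server with this policy would hit."""
    if not hello["versions"] & server_versions:
        return "Mismatched Protocol"
    if not hello["cipher_suites"] & server_suites:
        return "Cipher Suite Mismatch"
    return "ok"

if __name__ == "__main__":
    hello = parse_client_hello(capture_client_hello())
    # Constructed server policies: TLS 1.0 only, then TLS 1.2 with RC4 only.
    print(diagnose(hello, {0x0301}, {0x002F}))
    print(diagnose(hello, {0x0303}, {0x0005}))
```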
How to Fix TLS Handshake Failure on Firefox
If your Firefox browser hangs at TLS Handshake and reloading doesn’t do the trick, there is likely something wrong somewhere. Here are some ways to resolve the TLS Handshake issue on Firefox.
Clear Your Cache and Browsing History.
The first thing you need to do when you encounter problems with your browser is to delete all cached data and history. To do this:
- Click the History icon located in the upper right section of the top menu.
- Select History from the dropdown menu.
- Click Clear Recent History.
- Choose the time range you want to clear (Last hour, Last two hours, Last four hours, Today, or Everything).
- Tick off all the items you want to delete. You can delete the browsing and download history, active logins, cookies, cache, form and search history, site preferences, and offline website data.
- Hit the Clear Now button.
While you’re at it, you might as well delete all the unnecessary files on your computer to make sure no corrupted file is interfering with your processes. You can use a tool such as Outbyte PC Repair to remove all junk files from your computer.
Once you’ve deleted your browser history, cache, and junk files, try opening a website that previously wouldn’t load to see if your cleanup worked.
Use a New Profile.
If clearing your Firefox cached data and browsing history did not work, the next step is to create a new Firefox profile. Using a new profile is like starting with a clean slate because sometimes there are personalized settings that would interfere with the processes. This method will also determine if the issue is caused by Firefox’s settings or by something else.
To create a new profile, follow these steps:
- Type in about:profiles in the address bar and press Enter.
- When the Profile Manager window opens, click the Create a New Profile button.
- Follow the Create Profile Wizard to set up your personal settings and preferences.
- Once your profile is completed, click Set as default profile, then close Firefox.
Relaunch Firefox using the new user profile and check if the TLS Handshake problem has been resolved.
You can try to fix your old profile, but isolating the cause of the issue would be difficult and time-consuming. You need to disable then re-enable the add-ons, double-check your proxy connection, and uninstall your extensions. If you are concerned about losing your data, you can just transfer it to your new profile to avoid the hassle.
Check Self-Signed Certificates for Identical Information.
If you’re a developer or you’re accessing internal websites, it is possible that Firefox is having trouble parsing your SSL certificates. If the website’s certificate has been replaced multiple times and the new certificates contain identical subject and issuer information, Firefox will be choked by the number of possible path combinations and will start to slow down. You’ll notice Firefox slowing down when you have seven to eight self-signed certificates stored, while having 10 and beyond would cause your browser to hang while performing a TLS Handshake.
To confirm if your self-signed certificates are causing your Firefox problem, follow these instructions:
- Launch Firefox and type about:support in the address bar.
- Click the Open Folder button in the Profile Folder field.
- Find the cert8.db file and rename it so that Firefox replaces it when the browser restarts.
- Restart Firefox and visit the affected website once again.
If the webpage loads successfully, it means that your local certificate database is indeed causing your Firefox problem. To solve this issue, you need to adjust the way your system generates new certificates so that they won’t have the same information.
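Why identical subject and issuer information gets expensive, shown with a simplified model added here; it is not Firefox's actual path-building code. It assumes a builder that chains certificates by name only, and the certificate names and the `OU=issued-N` naming scheme are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int

def regenerate(times: int, unique_subject: bool) -> list:
    """Constructed store: one self-signed certificate per regeneration."""
    base = "CN=intranet.example,O=Example Corp"
    store = []
    for i in range(times):
        # Hardened variant: put something that changes per issuance into the name.
        name = f"{base},OU=issued-{i + 1}" if unique_subject else base
        store.append(Cert(subject=name, issuer=name, serial=i + 1))
    return store

def count_candidate_paths(leaf: Cert, store: list) -> int:
    """Count the chains a name-only path builder would try, starting at leaf."""
    def extend(path: tuple) -> int:
        tried = 1  # the path as it stands is one candidate to evaluate
        for cand in store:
            # Name chaining: any stored cert whose subject equals the issuer fits.
            if cand.subject == path[-1].issuer and cand not in path:
                tried += extend(path + (cand,))
        return tried
    return extend((leaf,))

def paths_for(times: int, unique_subject: bool) -> int:
    store = regenerate(times, unique_subject)
    return count_candidate_paths(store[-1], store)  # the newest cert is the one served

if __name__ == "__main__":
    for n in (3, 7, 8, 10):
        print(n, "identical:", paths_for(n, False), "unique:", paths_for(n, True))
```

In this model the count grows factorially when every certificate carries the same name, and stays at one path when each regenerated certificate has a distinct subject.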
Disable TLS Handshake on Firefox
If the above solutions don’t work, you can try to disable TLS on your browser.
To do this:
- Open the Firefox menu and click Options.
- Click the Advanced tab, then Encryption.
- Uncheck Use SSL 3.0 and Use TLS 1.0.
- Hit the OK button.
- Restart Firefox.
This should disable TLS Handshake every time you access a webpage using Firefox.
The problem with getting stuck at the “Performing TLS handshake” message is that it is a vague issue with many different potential causes. You can try any or all of the solutions above to see which one solves your problem.