- The “Execute TLS Handshake” problem in Firefox is a sort of error message that users get when loading certain websites.
- This message leaves you hanging for a long time and causes the browser to slow down.
- If you get a “Running TLS handshake” error, the browser is taking too long to verify the website.
- Several factors can slow down your browser and cause it to hang during a TLS handshake.
- These include IPv6 and DNS issues, extensions and plug-ins.
Transport Layer Security
Cryptographic protocols like Transport Layer Security (TLS) are used to secure computer communications. Email, instant messaging, and voice over IP are just some of the applications that use the protocol, but HTTPS remains its most visible application.
In order to communicate securely with a web server, your browser must perform a TLS handshake with the web server when you visit a website via HTTPS.
This issue in Firefox occurs when some websites are loaded. The “Execute TLS Handshake” message causes your browser to lag for a long time.
What is a TLS Handshake?
TLS stands for Transport Layer Security. A TLS handshake is the exchange of information between your web browser and the website you want to visit. The browser starts by contacting the site's origin server. The handshake is done for security reasons: the two sides confirm and verify each other and agree on the TLS version, encryption algorithms, and session keys. It takes place whenever you load a site over HTTPS. If you get a “Running TLS handshake” error, the browser is taking too long to verify the website. Therefore, you cannot load the site in your browser.
As part of the TLS protocol, client-server handshakes are used to ensure the authenticity of communication and to establish an encrypted, secure connection.
The Performing TLS Handshake error is caused by a problem during the TLS handshake. I will show you how to solve it in this article.
What is the cause of the Performing TLS Handshake error in Mozilla Firefox for Windows?
SSL Handshake Failure
Usually, SSL handshake failures occur when a secure connection cannot be established between the server and browser.
Here are some possible causes of TLS handshake hangs that may slow down your browser.
Recently added add-ons – Extensions and plug-ins can cause this problem, especially if you added them recently. An addon doesn’t have to be malicious to cause this problem, but it should be removed if you find that it has caused this problem.
Installed anti-virus software – Most anti-virus programs have HTTP(S) checks that perform additional checks in addition to the checks that already occur when you open a website.
The use of these features can slow down the loading time of a site, so we recommend disabling them.
IPv6 and DNS issues – Some users have experienced issues with IPv6 connectivity and/or their DNS addresses. Disabling IPv6 and/or changing your DNS address should be enough to resolve the problem in this scenario.
How do I fix the “Running TLS handshake” error in Mozilla Firefox for Windows?
In this industry, there are still a lot of colloquialisms. TLS certificates are still referred to as SSL certificates, so port 443 will often be referred to as the SSL port. Just remember that when SSL certificates are mentioned, they are actually the TLS certificates used for HTTPS.
Client: Hello, server. I want to establish secure communication between us. Here’s a list of SSL/TLS versions and cipher suites that are compatible with me.
Create a new profile
Creating a new Firefox profile is the first step you should take. In Firefox, all of your user settings are linked to a specific profile. If you have misconfigured options or incorrect data in your profile, these errors can be very hard to identify. This is a simple and quick way to find out if the problem is related to Firefox settings or something else.
Open a new tab and paste about:profiles into the address bar. The profile manager will open. Create a new profile by clicking “Create New Profile” and following the wizard. Close Firefox and restart it. Visit some sites that show a “doing TLS handshake” status to see whether it is your Firefox profile (not your Internet connection or the site itself) that is causing the problem.
It may be difficult to isolate the problem (check if you have set up a proxy connection and disabled your add-ons) and may be due to corrupted data in your profile that cannot be readily restored. You can try to restore your original profile (remember to go back to it with the profile manager), but it will be hard to isolate the problem. You should move important data to the newly created profile. There is also a small chance that the problem has something to do with self-signed certificates.
Things also get more difficult if you also must configure the port number for every protocol. To guarantee the security of some existing protocols, it is very common to simply add the SSL/TLS encryption as if it was a layer below the current protocol. Anyway, that software has to recognize the SSL/TLS encrypted version of the protocol instead of the plaintext one. The port number changes from one protocol to another. You should have:
- IMAP uses port 143, but implicit SSL/TLS encrypted IMAP uses port 993.
- POP uses port 110, but implicit SSL/TLS encrypted POP uses port 995.
- SMTP uses port 25, but implicit SSL/TLS encrypted SMTP uses port 465.
The following solution is for developers or for private/internal sites:
Self-signed certificates with identical subject/issuer information.
Firefox might have a problem scanning SSL certificates when self-signed certificates are used on websites.
In addition to the Secure Socket Layer (SSL), Transport Layer Security (TLS) ensures the integrity of any message transported through the transport layer.
The problem only affects developers and users of internal/private sites/services, not common websites like Google.com, Facebook.com, or Amazon.com.
Firefox will eventually choke on a handshake with a website that uses such self-signed certificates because of the number of possible path construction combinations (all information in the “Issuer” and “Subject” fields is the same for all certificates). If you see slow handshakes, the certificates have been replaced with new ones several times.
How Does TLS Work
TLS 1.3 requires that the client advertise that it supports a list of PSK identifiers in its Client Hello message so that a PSK handshake can take place. In its response (the Server Hello message), the server can state that it recognizes one of them, so both parties may avoid exchanging keys. Thus, the authentication phase is skipped, which makes the Finished message crucial for preventing MITM attacks.
Symmetric key encryption ensures the confidentiality of data transmitted over TLS. The same symmetric key is used to encrypt and decrypt the data. Once an algorithm has been used to encrypt the data, it appears as a jumble of ciphertext. A malicious attacker cannot access the actual data without the key.
It is possible to generate a new certificate for the local domain using a service. When Firefox reboots, it visits the test site several times, and accepts the self-signed certificate. To determine if there is a correct path, Firefox will compare all these certificates with each other in its local database.
To verify that this is the cause, in your operating system’s file explorer, open the profile folder and follow the steps above to create a new profile that temporarily fixes the problem.
This can be done easily by clicking “Open Folder” in the Profiles folder under the Support section. In your file explorer, locate cert8.db and rename it (for example, “cert8.db.bak”) to ensure Firefox replaces it. Try accessing another site after restarting your browser. If the page loads normally, you know the issue is caused by the storage of too many self-signed certificates with the same name in your local certificate database.
Whenever Firefox saves 7-8 certificates with the same name, it slows down significantly. If you save ten certificates with the same name, it slows down considerably. After saving ten certificates, Firefox can hang in “Do TLS handshake” mode for up to 30 seconds. It might be convenient to repeat the process every few months if it takes time to accumulate that many identical certificates. Otherwise, your service will need to alter the way they generate new certificates so that they do not contain the same information.
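The check below is an added example, not code from the original article or from Firefox: it groups self-signed certificates by name and flags any name that has reached the 7-certificate mark where the article says the slowdown begins. It assumes the certificate details have been dumped as text in the style of `openssl x509 -noout -subject -issuer -fingerprint -sha256`; the function names and the sample dump are constructed for illustration.

```python
from collections import defaultdict

SLOWDOWN_THRESHOLD = 7  # the page reports slowdown from 7-8 same-name certificates


def parse_cert_dump(text):
    """Parse subject=/issuer=/Fingerprint= lines into one dict per certificate."""
    certs, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if key.endswith("fingerprint"):
            key = "fingerprint"
        if not sep or key not in ("subject", "issuer", "fingerprint"):
            continue
        if key in current:  # a repeated field means the next certificate began
            certs.append(current)
            current = {}
        # Normalise "CN = x" (OpenSSL 1.1+) and "CN=x" to the same string.
        current[key] = value.strip().replace(" = ", "=")
    if current:
        certs.append(current)
    return certs


def find_same_name_self_signed(certs, threshold=SLOWDOWN_THRESHOLD):
    """Map each self-signed name to its count of distinct certs, if >= threshold."""
    groups = defaultdict(set)
    for cert in certs:
        subject, fingerprint = cert.get("subject"), cert.get("fingerprint")
        if subject and fingerprint and subject == cert.get("issuer"):
            groups[subject].add(fingerprint.upper())
    return {name: len(fps) for name, fps in groups.items() if len(fps) >= threshold}


def build_sample_dump():
    """Constructed input: 8 regenerated dev certs, 1 CA-issued, 1 lone self-signed."""
    blocks = [
        "subject=CN = dev.internal, O = Example Dev\n"
        "issuer=CN = dev.internal, O = Example Dev\n"
        f"SHA256 Fingerprint={i:02X}:" + ":".join(["AB"] * 31)
        for i in range(8)
    ]
    blocks.append("subject=CN = www.example.com\nissuer=CN = Example Issuing CA\n"
                  "SHA256 Fingerprint=" + ":".join(["CD"] * 32))
    blocks.append("subject=CN = nas.internal\nissuer=CN = nas.internal\n"
                  "SHA256 Fingerprint=" + ":".join(["EF"] * 32))
    return "\n".join(blocks)


if __name__ == "__main__":
    for name, count in find_same_name_self_signed(parse_cert_dump(build_sample_dump())).items():
        print(f"{count} distinct self-signed certificates named {name!r}")
```

A name flagged here is a candidate for the certificate database reset described above, or for changing how the service generates its certificates so that each one carries different information.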
Wait for it
The problem may occur suddenly if a temporary network issue occurs. If all HTTPS connections suddenly load slowly, it could be a problem with your Internet provider. If only certain websites are involved, it could be a certificate chain verification issue, since that verification requires connecting to third-party servers during the TLS handshake.
You are probably dealing with a short-term issue if it resolves itself in a day or two.
Frequently Asked Questions
Click the "Set as default profile" button, then close and restart Firefox. Try visiting a few sites that are stuck in the "Perform TLS Handshake" status. If they load normally now, you'll know that the problem is with your Firefox profile (not with the site itself or your Internet connection).
- Press the Windows + I keys on your keyboard.
- While in the Settings app, select Time and Language.
- Go to the right pane and set the "Set time automatically" switch to On.
- Restart your computer, then try accessing the website again to see if the TLS handshake error is gone.
An SSL/TLS handshake is a negotiation between two parties on a network - for example, between a browser and a Web server - to determine the details of their connection.
Thus, SSL is not a completely secure protocol in 2019 and beyond. TLS, the most modern version of SSL, is secure. Besides, newer versions of TLS offer performance advantages and other improvements. Not only is TLS safer and more powerful, but most modern web browsers no longer support SSL 2.0 and SSL 3.0.
Mark Ginter is a tech blogger with a passion for all things gadgets and gizmos. A self-proclaimed "geek", Mark has been blogging about technology for over 15 years. His blog, techquack.com, covers a wide range of topics including new product releases, industry news, and tips and tricks for getting the most out of your devices. If you're looking for someone who can keep you up-to-date with all the latest tech news and developments, then be sure to follow him over at Microsoft.