MozillaZine

Getting a lot of TLS handshake errors!

Discuss various technical topics not related to Mozilla.
Sympol
 
Posts: 2
Joined: September 13th, 2017, 1:14 am

Post Posted September 13th, 2017, 1:46 am

Just thought I'd throw in my two-pennorth here. Been having the same problem over the last couple of months with Firefox 55.0.3 (64-bit) running on Windows 10 Pro. It has been so bad that I've often waited for up to 5 minutes while the 'Performing TLS handshake with .......' message displays.
Yesterday I installed Chrome. Attempted to connect to a music forum using Firefox that I've had the TLS problem with and as usual got the message. Immediately started Chrome and attempted to connect with the same forum. No problem. Read a couple of comments, replied to one and logged out. Meanwhile, Firefox was still waiting with the TLS message.....
A few seconds after I had completed the exercise using Chrome, Firefox decided to connect me.....
I have previously tried all the solutions suggested here, emptying the cache, going to No Proxy, turning off IPv6 etc. but nothing had worked in Firefox.
I'll add that I am running both Avast Anti-virus and Malwarebytes. Turning off these had no effect on the Firefox TLS problem. Both were running when I successfully connected using Chrome.
I am reluctant to discard Firefox as previously I have found it to be fast and reliable, but something has happened the last few months to dent my confidence....
Just tried it again today to the same site, and it took 85 seconds to connect to the forum page with Firefox. With Chrome, the connection was almost instantaneous..................

Mr_and_Mrs_D

User avatar
 
Posts: 57
Joined: May 6th, 2010, 9:18 am

Post Posted September 13th, 2017, 3:35 am

Brummelchen wrote:again - NO firefox issue
again - uninstall avast --> uninstall <-- NOT disable.

if you dont care please stop wasting our time.

Thanks for this post - disabling AVG shields worked for me :evil: - I had the exact issue discussed here, namely FF could not perform any TLS handshakes.

ajchicago
 
Posts: 5
Joined: October 2nd, 2017, 8:18 pm

Post Posted October 2nd, 2017, 8:26 pm

Duplicate post because I did not notice the "new user review" warning.
Last edited by ajchicago on October 2nd, 2017, 9:41 pm, edited 1 time in total.

ajchicago
 
Posts: 5
Joined: October 2nd, 2017, 8:18 pm

Post Posted October 2nd, 2017, 8:47 pm

Boy oh boy! Something rotten is going on at Mozillazine! As of 09/25 I changed and recorded my password. As of today I am unknown and was able to register.... again! I just posted a response to this thread, but it is nowhere to be found. What the heck? Let's ignore that and get to my post. Recently I began having the same "Waiting for TLS handshake" problem discussed here. That's what brought me here searching for an answer or others with the same issue. I have Firefox 50.0.3 32 bit, Windows 10 with network settings showing IPV4 addresses, and running Norton Security Suite from Comcast. It would seem that the common thread in all of this is Firefox. Changing Avast is not my issue and I cannot change IPV6 to IPV4. Anyone got any other ideas? I would say this started for me a couple weeks ago (maybe a month). It's very annoying/irritating. ](*,)

James
Moderator

User avatar
 
Posts: 27083
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted October 2nd, 2017, 9:33 pm

ajchicago wrote: I just posted a response to this thread, but it is nowhere to be found. What the heck?

You posted as a new member so first post needs approval and then user can post normally after after approval. This is being done due to the amount of spam attempts this forum can get each day that regular members are not aware of.

If the problem was indeed with version like Firefox 54, 55, 56 then there would be far more threads on this.

Actually one of the most common reasons for Firefox (any version) not being able to connect to https sites has been due to some antivirus clients getting in the way and or due to system date/time being wrong.

For example https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

ajchicago
 
Posts: 5
Joined: October 2nd, 2017, 8:18 pm

Post Posted October 2nd, 2017, 9:39 pm

Thanks. Ya, I figured that out after noticing the the new user alert on the 2nd post. I shall turn it off for a while tomorrow and see what I see... antivirus, that is. So you think it is Avast and Norton. doing the same thing at the same time (in the same time frame)? After trying no antivirus for a period of time, if I still see the problem I think I will upgrade Firefox to 56.

Sympol
 
Posts: 2
Joined: September 13th, 2017, 1:14 am

Post Posted October 2nd, 2017, 11:15 pm

Following up on this. Reverted back to Firefox 52.4.0 ESR version and the problem with TLS handshaking disappeared without making any other changes (eg disabling or removing Avast/Malwarebytes etc.)
However, this version of Firefox occasionally gives me an error 'Not Responding' maybe once a day. Shutting down Firefox and restarting seems to fix that problem for a few hours at least.
Have to say that I've not experienced either the TLS handshake or not responding problem when using Chrome....

jaybs
 
Posts: 5
Joined: May 3rd, 2011, 10:10 am

Post Posted October 6th, 2017, 10:53 am

Firefox update yesterday, immediately for the first time TLC HANDSHAKE PROBLEMS, it is taking 2-3 minutes to open every website page, seem to want to go through google. facebook, Amazon, Crazy Egg before opening any page, Never experienced anything like this before, restarting clears it for a few hours but that is all, been with Firefox since the start love it so much, I am not tech minded and it sending me crazy, how do they let this happen!

Going to try and revert to Firefox 52.4.0 ESR VERSION, not sure how to do it.

Tried using IE but I just can't use it now!

ajchicago
 
Posts: 5
Joined: October 2nd, 2017, 8:18 pm

Post Posted October 8th, 2017, 7:47 am

Following up. Firefox updated to 56.0 since last post. I disabled Norton Security Suite and STILL HAVE the TLS handshake problems. Going to back level Firefox to 52.4.0 as a previous poster did and see if this works for me. This was present in the previous Firefox version, too.

ajchicago
 
Posts: 5
Joined: October 2nd, 2017, 8:18 pm

Post Posted October 8th, 2017, 8:15 am

This scared me off. Guess I am going to suffer until it accidentally goes away or someone actually figures it out. The weird thing for me is that I only notice the problem in eBay messaging. Must be different servers being used for messaging.

Warning: Using old versions of Firefox poses a significant security risk.

By default, different versions of Firefox will use the same user profile data. Installing an older version of Firefox after using Firefox version 55 or above can cause problems such as error messages, breakage in portions of Firefox and issues with some websites. You should either create a new profile or else refresh Firefox after installing the older version.

therube

User avatar
 
Posts: 17800
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted October 9th, 2017, 10:33 am

Going to back level Firefox to 52.4.0

Using old versions of Firefox poses a significant security risk.

In this case, 52.4.0 is the ESR branch & is current with security updates (& the 52 ESR line will be kept current - with security updates, until its EOL.)
(PS: Presumably there will be an update to 52.4.1, any time now.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

ginahoy
 
Posts: 189
Joined: October 18th, 2007, 8:32 pm

Post Posted October 25th, 2017, 2:12 pm

I'm running v55.02 on my Linux machine and recently started getting TLS hangs on LinkedIn... not every time, but enough to be down right irritating. So far, I haven't experienced TLS hangs on any other sites, including Yahoo mail or eBay messaging, for which others reported TLS hangs.

BTW, I'm not running any anti-virus software, and none has ever been installed on this machine. It also occurs in Safe Mode. I need to do further testing to see if it happens with a clean profile.

ginahoy
 
Posts: 189
Joined: October 18th, 2007, 8:32 pm

Post Posted October 25th, 2017, 2:37 pm

OK, with a clean profile, I added a bookmark for my LinkedIn page (requires login, but session is persistent after closing FF). At first, no TLS hang. I tried several more times, closing and re-opening FF between attempts. On the 4th or 5th attempt, it hung on TLS handshake. I made no changes to any settings in this profile. What does this tell us?

(I'm running Linux Mint 18.2 (Ubuntu 16.04), Firefox 55.0.2)

Grumpus

User avatar
 
Posts: 11598
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted October 26th, 2017, 5:32 am

Do you have NoScript or Iptraf-ng installed?
If not try Iptraf-ng and watch the IP numbers which show in real time and see if there's something else going on.
NoScript, will show untrusted or other lthings trying to load for more detail.
Either a traffic increase to the site or possibly more trackers or beacons can be affecting the speed.
Depending on your connection it could be anything.
It would be interesting to see what happens after 6th or 7th or more tries.
Could be something Linkedin is doing with some form of tracker or cookie which is staying in memory.

ginahoy
 
Posts: 189
Joined: October 18th, 2007, 8:32 pm

Post Posted October 26th, 2017, 4:31 pm

Grumpus wrote:Do you have NoScript or Iptraf-ng installed?

I do use NoScript but when I get the TLS handshake hang, there are no entries in the NS drop-down menu. In my experience, the entries don't show up in the NS menu until the site actually begins to load.

I wasn't familiar with Iptraf-ng but I installed it. As an aside, I noted a couple of IP's appear in the console as soon as I open the browser (about:blank). One associated with 'Hurricane Electric' is likely a backbone services provider to my local ISP. The other IP is associated with Akamai, which appears to be a cloud based content provider. I'm wondering how Akamai can direct packets to my IP without me having opened a web page!

After several tries, I was able to get a TLS handshake hang on LinkedIn while running iptraf-ng. When that happens, the console shows the following entry for a LinkedIn IP:

Code: Select all
108.174.10.10:443                           =       6       360 S-A- enp0s31
(6 packets, 360 bytes, Sync/Ack flags, Ethernet)

Either a traffic increase to the site or possibly more trackers or beacons can be affecting the speed.

That seems unlikely since response is binary: either the page loads almost immediately or it hangs indefinitely. There's no in-between.

It would be interesting to see what happens after 6th or 7th or more tries.

I've played with that... It appears to be somewhat random. At first I thought that once the site loads, all further attempts will always load. But I've seen it hang again in the same session.

Could be something Linkedin is doing with some form of tracker or cookie which is staying in memory.

In searching the web, many others have been experiencing TLS hangs on various sites. There could be (and probably is) a commonality between those sites rather than something LinkedIn in particular is doing.
Regarding cookies/beacons... I used Cookiekeeper to manage which cookies are kept, including several from LinkedIn that maintain my session. However, I just set a fresh profile to delete cookies, history, etc when Firefox closes and I happened to get a TLS hang on first attempt. I realize some trackers are stored in other places than cookies.sqlite but I have the 'Better Privacy' add-on that deletes all LSO's when the browser closes.

Depending on your connection it could be anything.

The whole point of posting here is to present some context and clues in order to narrow down and eliminate the universe of possibilities, and hopefully get to the cause. But I suspect we won't get there until someone much more knowledgeable than I experiences this issue themselves and takes the time to chase it down ](*,)

Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 1 guest