[Solved] Firefox: Performing a TLS handshake is slow

#1

Hi all,

I find connecting to the web interface with Firefox is much slower than with Chrome or IE. The status bar writes “Performing a TLS handshake” while communicating to the appliance.

Is there any workaround to speed this up? I prefer using FF.


#2

Thanks, Xian. @dclarizio, thoughts here?


#3

Interesting, I exclusively use FF and haven’t noticed this. @martinpovolny / @himdel any ideas?


#4

Tested with Chrome 60 and Firefox 51 … I’m getting pretty much exactly the same loading times in both browsers.

But I’ve only tested an appliance with a self-signed certificate where you need to confirm the browser exception.

If this is happening for properly signed certificates, could be dependent on the ciphers used, etc. (out of my depth here, sorry :)).
Alternatively, the browser could be lying and spending time elsewhere.

@xian Do you have any details about the certificate?

(Chrome inspector has a Security tab, with all the info)


The certificate I tried was…

TLS 1.2
ECDHE_RSA with P-256,
AES_128_GCM

signature algorithm PKCS #1 SHA-1 With RSA Encryption
subject public key algorithm PKCS #1 RSA Encryption


#5

I have the self-signed cert coming with the appliance, FF57.


#6

@xian Interesting, then it should be the same, yes.

What kind of delay are we talking about? Is it multiple seconds, hundreds of milliseconds, …?

Could also be related to the Firefox version, I’ll test with a more current version tomorrow.


#7

Couple of seconds - that’s why it is irritating. Would not complain about milliseconds.


#8

I’m sorry @xian, I was unable to reproduce a multi-second delay in Firefox 51 on Linux or in Firefox 57 on a Mac.

I suspect this may be something in your environment. Have you tried multiple computers, etc.?


#9

Hi,
I had similar issues. https://www.thesslstore.com/blog/troubleshoot-firefoxs-tls-handshake-message/ suggested a fix which worked for me:

An easy way to do this is to browse to about:support and then click the Open Folder button for the Profile Folder. Locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) so that Firefox replaces it. Restart the browser and try visiting an affected site again. If the page loads normally, you have confirmed the issue is related to the local certificate database storing too many self-signed certificates with the same name.


#10

Thanks @spole83 that seems to cure the slowdown.