[Solved] Firefox: Performing a TLS handshake is slow

Hi all,

I find connecting to the web interface with Firefox is much slower than with Chrome or IE. The status bar writes “Performing a TLS handshake” while communicating to the appliance.

Is there any workaround to speed this up, I prefer using FF.

Thanks, Xian. @dclarizio, thoughts here?

Interesting, I exclusively use FF and haven’t noticed this. @martinpovolny / @himdel any ideas?

Tested with Chrome 60 and Firefox 51 … I’m getting pretty much exactly the same loading times in both browsers.

But I’ve only tested an appliance with a self-signed certificate where you need to confirm the browser exception.

If this is happening for properly signed certificates, could be dependent on the ciphers used, etc. (out of my depth here, sorry :)).
Alternatively, the browser could be lying and spending time elsewhere.

@xian Do you have any details about the certificate?

(Chrome inspector has a Security tab, with all the info)

The certificate I tried was…

TLS 1.2
ECDHE_RSA with P-256,

signature algorithm PKCS #1 SHA-1 With RSA Encryption
subject public key algorithm PKCS #1 RSA Encryption

I have the self-signed cert coming with the appliance, FF57.

@xian Interesting, then it should be the same, yes.

What kind of delay are we talking about? Is it multiple seconds, hundreds of miliseconds, …?

Could be also related to firefox version, I’ll test with a more current version tomorrow.

Couple of seconds - that’s why it is irritating. Would not complain about milliseconds.

I’m sorry @xian, I was unable to reproduce a multi-second delay in Firefox 51 on Linux nor on Firefox 57 on a Mac.

I suspect this may be something in your environment, have you tried multiple computers, etc?

I had simular issues. https://www.thesslstore.com/blog/troubleshoot-firefoxs-tls-handshake-message/ suggested a fix which worked for me

An easy way to do this is to browse to about:support and then click the Open Folder button for the Profile Folder. Locate cert8.db in your file explorer and rename the file (e.g. “cert8.db.bak”) so that Firefox replaces it. Restart the browser and try visiting an affected site again. If the page loads normally, you have confirmed the issue is related to the local certificate database storing too many self-signed certificates with the same name.


Thanks @spole83 that seems to cure the slowdown.


This does not work for me with Firefox 57. I get the message “failed to read configuration file” after renaming the file.

I just closed FF, removed the file cert9, started FF again. A new cert9 file was created automatically and now I don’t get the TLS message for 2 seconds before loading the sites.

Thanks man.

1 Like

This did not work for me. I renamed cert9.db, restarted Firefox 60.2, but the issue with hanging at TLS handshake persists. Sometimes it takes 10 seconds and then it times out.

Make sure you’re using the correct profile directory. Use the URI about:profiles and click on Root Directory to browse the current profile.

Yes, I verified I am going to the correct profile. Deleted cert9.db once again. Still did not fix the problem. Doesn’t happen all the time, though.

Hi, I wrote this some time ago on a much older version of FF. What I’ve found that always works for me is to delete any file certX.db. I’ve seen some have just a cert9.db and other have a cert8 & cert9.db. I normally end up deleting it every 5-6 months because of this issue.

Hope that helps

I have same issue here FF Quantum 67.0.4, it hangs forever on negotiating TLS. Chrome works blazing fast.