MozillaZine

Getting a lot of TLS handshake errors!

Discuss various technical topics not related to Mozilla.
ginahoy
 
Posts: 193
Joined: October 18th, 2007, 8:32 pm

Post Posted November 22nd, 2017, 1:12 pm

Thanks for the tip. The article was informative. Mine was set to the default value of 1, as expected since I hadn't changed it. The issue I'm (still) having with accessing LinkedIn is intermittent. At first glance, this seems to be a server load issue. I can always, eventually, get the page to load with multiple attempts. However, if I don't reload, an initial TLS hang never resolves. This seems more like a protocol implementation issue (for example, a race condition, or inadequate queue depth). Otherwise, an initial hang due to high server load should always resolve itself. Of course, this is only informed speculation. The root cause could be something completely different!

Reflective

User avatar
 
Posts: 2260
Joined: February 15th, 2007, 11:13 am

Post Posted November 23rd, 2017, 10:58 am

If anyone has ESET NOD32 installed this article might be relevant: https://www.askvg.com/fix-secure-connec ... b-browser/

lsylvain
New Member
 
Posts: 2
Joined: November 24th, 2017, 6:36 pm

Post Posted November 24th, 2017, 6:46 pm

Clearing the cache did not work for me.

I did the following. Go to options/Network Proxy. Write down the current settings in case you wish to restore them later (such as the proxy settings for your work place). Now selecte Auto-detect proxy settings for this network and see if the problem has been corrected. I found that this did the trick. At that point I was able to go back and select No Proxy or Use System Settings and things also worked. Of course if you use a specific proxy on your network, which is common in work places, you want to restore the settings you wrote down as I suggested above.

lsylvain
New Member
 
Posts: 2
Joined: November 24th, 2017, 6:36 pm

Post Posted November 24th, 2017, 7:15 pm

After applying the workaround I posted earlier the problem resurfaced, so I reset my proxy settings to "Auto-detect proxy settings for this network". Next I went to about:config. It is important to always note your original settings when configuring from this screen to avoid "voiding your warranty". Always keep a list of setting names and their original values when changing settings in about:config.

I searched on tls, which displayed 11 settings. I changed the value for the setting named services.sync.prefs.sync.security.tls.version.max from true to false. Basically the default setting instructs the browser to prefer the max tls version (3 as of the date of this post). Not all sites are using or defaulting to tls 3. Normally Firefox should fall back to version 2 if version 3 does not work, but it does not seem to do so. Once I set the value for services.sync.prefs.sync.security.tls.version.max I was able to successfully use https://www.startpage.com, which was a site I had been encountering the error accessing repeatedly.

Again, always note any setting changes you make in about:config so you can revert them later.

Hope ths help.

ginahoy
 
Posts: 193
Joined: October 18th, 2007, 8:32 pm

Post Posted November 25th, 2017, 12:29 pm

@lsylvain, thanks for the tips. I'm not certain, but I would guess the services.sync.prefs.sync.security.tls.version.max setting simply enforces the security.tls.version.max setting (default 3). If so, then flipping it to false would either allow FF to negotiate with latest TLS version (i.e., for testing), or provide a way to turn off the max setting without losing its value. In any case, flipping that setting didn't help with LinkedIn TLS hangs. Nor did changing Network Proxy to Auto.

Reflective

User avatar
 
Posts: 2260
Joined: February 15th, 2007, 11:13 am

Post Posted November 26th, 2017, 7:56 am

I've just this minute noticed something which might be relevant. I get the TLS handshake message when trying to load a site from history using the dropdown menu on the toolbar, but not if I use the "Show All History" menu which loads the library and then click the link in there.

For that you need to drag & drop the black History button which has an attached down arrow from the Customization menu on to the toolbar.

Might be worth a try if anyone wants to experiment.

zeozod
New Member
 
Posts: 1
Joined: November 28th, 2017, 12:33 am

Post Posted November 28th, 2017, 12:44 am

I just started getting this error with the upgrade to quantum firefox. It appears error handlig is not yet as robust in this version as in past versions. It looks as though this error can have a number of causes. For anyone that has this problem, consider activating the Developer menu (Tools->Web Developer). Within it you will find a Browser Console entry. If you select it a console window appears, showing recent error messages. It will likely indicate what failure put your browser into the waiting TLS handshake state. In my case, for example, my ublock origin extension was blocking an ad on https://startpage.com, a search site that I use constantly. The solution was to add startpage.com to that extension's whitelist.

Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 2 guests