Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

TLS handshake for minutes, then fail. Computer restart always fixes

  • 18 replies
  • 2 have this problem
  • 55 views
  • Last reply by ChrisG

more options

This started when I installed V68 on my Mac (I'm on 68.0.2 now, Mac is 10.12.6). About half the time when I start my computer in the morning, when I try to browse *any* site (http or https), I get the TLS handshake attempt that lasts for several minutes, then connection fails.

BUT, *unlike other posts with this problem*, if I restart my computer (restarting FF does not fix it), all is well. A detail (not sure if relevant): the pages my (Comcast) server has local copies of, that is, my home page and a couple of very frequently accessed pages, I can access, but any other site, regardless of http or https, results in the TLS handshake "freeze 'n fail."

  • Edit: I just lost then, 10 mins later, regained my Comcast (internet, mail, cable). I did not re-start computer or FF, but when signal returned, I got the dreaded TLS Handshake Freeze 'N Fail. Again, computer restart let me come here to report.
This started when I installed V68 on my Mac (I'm on 68.0.2 now, Mac is 10.12.6). About half the time when I start my computer in the morning, when I try to browse *any* site (http or https), I get the TLS handshake attempt that lasts for several minutes, then connection fails. BUT, *unlike other posts with this problem*, if I restart my computer (restarting FF does not fix it), all is well. A detail (not sure if relevant): the pages my (Comcast) server has local copies of, that is, my home page and a couple of very frequently accessed pages, I can access, but any other site, regardless of http or https, results in the TLS handshake "freeze 'n fail." *Edit: I just lost then, 10 mins later, regained my Comcast (internet, mail, cable). I did not re-start computer or FF, but when signal returned, I got the dreaded TLS Handshake Freeze 'N Fail. Again, computer restart let me come here to report.

Modified by ChrisG

Chosen solution

It appears to be Firefox's fault.

Since upgrading to V71 (skipping 70), and making no other software changes, I have experienced no TLS Handshake Problem.

This serves to note that, even when it does not appear to be the fault of something, it still could be. Software developers in general need to get away from 'it's not our fault' to 'lets check to see if it could be our fault.'

Who knows what development did to (a) accidentally create an occasionally occurring problem that was undiagnosable (and to which I spent way too much time!), and (b) accidentally fix said invisible problem? I have not decided if this is a rhetorical question.

Read this answer in context 👍 0

All Replies (18)

more options

Step 1) Have your ISP test your service.

Step 2) Start Firefox in Safe Mode {web link}

A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?

more options

You can try to disable IPv6 (check for other possible causes as well).

more options

FredMcD, starting in safe mode would not tell me if it 'solved' the incident. If I came up with good Internet, I could not tell if it is due to the restart alone or the restart>safe mode.

cor-el, how could IPv6 cause a 'variable' error? It seems that if that was the problem, simple restart would not help. Do I loose anything if I disable IPv6?

It seems to me in my lay-educated mind that it has something to do with the V68, since the problem started about when I upgraded to it. The 'common' solutions suggested here (and other similar suggestions in earlier forum posts) all seem to pertain to repeatable failures.

However, I have not confirmed if Safari has the problem at the same time. Next time I get a TLS handshake incident, I'll open Safari and see. I should have thought of that. :|

more options

Had another TLS handshake failure today. Safari had the same problem. Upon computer restart, FF and Safari were successful. Closing the browser does not fix the TLS handshake failure, only a computer restart is successful.

Since it happens in multiple browsers, is it possible that Firefox is temporarily affecting a system setting?

Or does this mean it's a Mac issue and I should ask Apple support?

more options

Try to disable IPv6 (check for other possible causes as well).

more options

Although it was labeled for if FF does not work but other browsers do? The problem was the same when I tried using Safari. Both browsers timed out in the TLS handshake.

more options

OK, I followed cor-el's link for IPv6 yesterday. This morning on startup, I had the TLS handshake time out again, and again with both FF and Safari. So IPv6 is not the issue. [I changed it back to False. "It" being disable.]

Once the TLS handshake fails, both browsers won't go anywhere. I'm reporting here after a re-start, as usual, which fixes the problem.

more options

Hi Chris!

Might be worth checking https://caddyserver.com/docs/mitm-detection to see if something is meddling with your TLS connections.

Please let us know what you find.

Thanks!

more options

MTM Unlikely. I guess I'll call Apple support, unless there is another idea.

more options

[Probably] Final Update: Bottom line, Failure!

Apple is sure it is a server problem. Comcast, UG! Finally got to a real person, three levels up, but not high enough to even know what a TLS handshake is! Can you believe it?

She noticed devices I have connected to the Internet (Oppo media player, Denon AV tuner, router, etc.) and would not help me unless all that was... I interrupted, said goodbye and hung up.

I should know that IT IS NEVER A BUSINESS THAT IS AT FAULT FOR INTERNET ISSUES, NEVER, NEVER! NEVER!

Modified by ChrisG

more options

Never say Never, Never!

The TLS failure happened at a time when I had nothing better to do and when I had Infinite Patience. I've work(ed) with kids all my life, so I know what infinite patience is.

Lucky me, the first Comcast person to answer the phone must have been a computer hobbiest because he knew what a TLS handshake was.

He knew what department I needed but said Comcast would not give him a way to access the correct department with my kind of problem. He had to write it up as a problem with accessing On Demand, and he told me to explain why with the next person (who laughed when I did explain).

However, Comcast is not willing to admit it is their server problem without them making a service call to replace my 2 year old modem with a newer model. Even after the problem occurred after Comcast re-set my modem earlier this week. He said he would request a real IT person make the service call. I could only hope....

My Question(s):

Does this sound at all possible that it could be my comcast cable modem causing intermittent connect problems, especially given I can access sites which are (presumably) cashed on the comcast server?

When the problem happens, is there any use for (and how do I) look behind the unloaded page for programming words suggesting what the problem might be? Kind of like 'show headers' in email? Who knows if I'll be able to cause the problem to happen the morning of the tech visit. So I could copy/paste these messages for the tech.

more options

Only someone in the know at Comcast can answer those questions.

more options

Thanks Fred, okay on the first question, but I think the second question is a Firefox question.

more options

I called for more help.

more options

Did you try to power the router off/on when this happens? "TLS handshake fails" likely means that the internet connection is broken (it is the first state to setup the connection), so it is not an actual cause but merely a message that some hang occurs in establishing the connection.

Do you have a real network card or do or have anther way to connect (e.g. via USB) ?

Can you restart the network service without rebooting?

more options

Remember, I can access the Comcast server and any pages they cache locally, thus, the (Netgear) router is going out from my local home network to the Comcast server. BTW, email is not affected. The screen message is that the connection timed out.

I think I have a network card. I'm not a power user. I have a 27" Imac (late 2009 edition) and a router to connect to the Comcast cable modem. Other items on the router are Roku and home entertainment components such as my Denon AV tuner and two Oppo media players (to get updates and Internet Radio). But, in ALL instances, I did not have any home theater component powered up (but the Oppos send an 'alive' signal because my TV does not say lost source).

Next time it happens, I'll try power cycling the router. But if the result is that I need to restart my computer, that would not be a good test, since restart (once so far I had to restart twice) fixes the problem.

more options

¡Hola Chris!

Could you please try setting up your router as detailed at https://one.one.one.one/dns/#setup-instructions and let us know if things improve then?

¡Gracias!

more options

Chosen Solution

It appears to be Firefox's fault.

Since upgrading to V71 (skipping 70), and making no other software changes, I have experienced no TLS Handshake Problem.

This serves to note that, even when it does not appear to be the fault of something, it still could be. Software developers in general need to get away from 'it's not our fault' to 'lets check to see if it could be our fault.'

Who knows what development did to (a) accidentally create an occasionally occurring problem that was undiagnosable (and to which I spent way too much time!), and (b) accidentally fix said invisible problem? I have not decided if this is a rhetorical question.