X
Tap here to go to the mobile version of the site.

Support Forum

TLS handshake for minutes, then fail. Computer restart always fixes

Posted

This started when I installed V68 on my Mac (I'm on 68.0.2 now, Mac is 10.12.6). About half the time when I start my computer in the morning, when I try to browse *any* site (http or https), I get the TLS handshake attempt that lasts for several minutes, then connection fails.

BUT, *unlike other posts with this problem*, if I restart my computer (restarting FF does not fix it), all is well. A detail (not sure if relevant): the pages my (Comcast) server has local copies of, that is, my home page and a couple of very frequently accessed pages, I can access, but any other site, regardless of http or https, results in the TLS handshake "freeze 'n fail."

  • Edit: I just lost then, 10 mins later, regained my Comcast (internet, mail, cable). I did not re-start computer or FF, but when signal returned, I got the dreaded TLS Handshake Freeze 'N Fail. Again, computer restart let me come here to report.
This started when I installed V68 on my Mac (I'm on 68.0.2 now, Mac is 10.12.6). About half the time when I start my computer in the morning, when I try to browse *any* site (http or https), I get the TLS handshake attempt that lasts for several minutes, then connection fails. BUT, *unlike other posts with this problem*, if I restart my computer (restarting FF does not fix it), all is well. A detail (not sure if relevant): the pages my (Comcast) server has local copies of, that is, my home page and a couple of very frequently accessed pages, I can access, but any other site, regardless of http or https, results in the TLS handshake "freeze 'n fail." *Edit: I just lost then, 10 mins later, regained my Comcast (internet, mail, cable). I did not re-start computer or FF, but when signal returned, I got the dreaded TLS Handshake Freeze 'N Fail. Again, computer restart let me come here to report.

Modified by ChrisG

Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • Firefox 68.0.2
  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:68.0) Gecko/20100101 Firefox/68.0
  • Support URL: https://support.mozilla.org/1/firefox/68.0.2/Darwin/en-US/

Extensions

  • Adblock Plus - free ad blocker 3.6.3 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Amazon.com 1.1 (amazondotcom@search.mozilla.org)
  • AutoFill Forms 0.3.2 (jid1-jJjr0f2lg5yYtf2dD@jetpack)
  • Bing 1.0 (bing@search.mozilla.org)
  • DuckDuckGo 1.0 (ddg@search.mozilla.org)
  • eBay 1.0 (ebay@search.mozilla.org)
  • Google 1.0 (google@search.mozilla.org)
  • Google Translate 1.2 ({f959a2e9-f211-424b-b0cd-ea7ecf269753})
  • Theme Font & Size Changer 62.0 ({f69e22c7-bc50-414a-9269-0f5c344cd94c})
  • Twitter 1.0 (twitter@search.mozilla.org)
  • Wikipedia (en) 1.0 (wikipedia@search.mozilla.org)
  • Autofill Forms 1.1.8 (autofillForms@blueimp.net) (Inactive)
  • Classic Theme Restorer 1.7.3.4 (ClassicThemeRestorer@ArisT2Noia4dev) (Inactive)
  • Dstocks 0.2.3.1-signed.1-signed (dstocks@dstocks.fr) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription:
  • adapterDeviceID: 0x9488
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: 0x1002
  • contentUsesTiling: True
  • crashGuards: []
  • driverDate:
  • driverVendor:
  • driverVersion:
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'available', u'log': [{u'status': u'available', u'type': u'default'}], u'description': u'Compositing', u'name': u'HW_COMPOSITING'}, {u'status': u'available', u'log': [{u'status': u'available', u'type': u'default'}], u'description': u'OpenGL Compositing', u'name': u'OPENGL_COMPOSITING'}, {u'status': u'opt-in', u'log': [{u'status': u'opt-in', u'message': u'WebRender is an opt-in feature', u'type': u'default'}], u'description': u'WebRender', u'name': u'WEBRENDER'}, {u'status': u'blacklisted', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blacklisted', u'message': u'No qualified hardware', u'type': u'env'}], u'description': u'WebRender qualified', u'name': u'WEBRENDER_QUALIFIED'}, {u'status': u'available', u'log': [{u'status': u'available', u'type': u'default'}], u'description': u'Off Main Thread Painting', u'name': u'OMTP'}]}
  • info: {u'TileHeight': 1024, u'ApzWheelInput': 1, u'ApzDragInput': 1, u'ApzKeyboardInput': 1, u'ApzAutoscrollInput': 1, u'AzureFallbackCanvasBackend': u'none', u'TileWidth': 1024, u'AzureCanvasBackend': u'skia', u'AzureContentBackend': u'skia'}
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • offMainThreadPaintEnabled: True
  • offMainThreadPaintWorkerCount: 1
  • targetFrameRate: 60
  • usesTiling: True
  • webgl1DriverExtensions: GL_ARB_blend_func_extended GL_ARB_draw_buffers_blend GL_ARB_ES2_compatibility GL_ARB_explicit_attrib_location GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_occlusion_query2 GL_ARB_sampler_objects GL_ARB_separate_shader_objects GL_ARB_shader_bit_encoding GL_ARB_shading_language_include GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_rgb10_a2ui GL_ARB_texture_storage GL_ARB_texture_swizzle GL_ARB_timer_query GL_ARB_vertex_type_2_10_10_10_rev GL_EXT_debug_label GL_EXT_debug_marker GL_EXT_texture_compression_s3tc GL_EXT_texture_filter_anisotropic GL_EXT_texture_mirror_clamp GL_EXT_texture_sRGB_decode GL_APPLE_client_storage GL_APPLE_container_object_shareable GL_APPLE_flush_render GL_APPLE_object_purgeable GL_APPLE_rgb_422 GL_APPLE_row_bytes GL_APPLE_texture_range GL_ATI_texture_mirror_once GL_NV_texture_barrier
  • webgl1Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_disjoint_timer_query EXT_float_blend EXT_frag_depth EXT_shader_texture_lod EXT_sRGB EXT_texture_compression_rgtc EXT_texture_filter_anisotropic OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context
  • webgl1Renderer: ATI Technologies Inc. -- ATI Radeon HD 4670 OpenGL Engine
  • webgl1Version: 3.3 ATI-10.2.37
  • webgl1WSIInfo: CGL
  • webgl2DriverExtensions: -
  • webgl2Extensions: -
  • webgl2Renderer: WebGL creation failed: * WebGL 2 requires support for the following features: transform_feedback2
  • webgl2Version: -
  • webgl2WSIInfo: -
  • windowLayerManagerRemote: True
  • windowLayerManagerType: OpenGL
  • windowUsingAdvancedLayers: False

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
FredMcD
  • Top 10 Contributor
4245 solutions 59390 answers

Step 1) Have your ISP test your service.

Step 2) Start Firefox in Safe Mode {web link}

A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?

Step 1) Have your ISP test your service. Step 2) [https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode] {web link} A small dialog should appear. Click '''Start In Safe Mode''' (not Refresh). Is the problem still there?
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17468 solutions 157860 answers

You can try to disable IPv6 (check for other possible causes as well).

You can try to disable IPv6 (check for other possible causes as well). *https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
Was this helpful to you?
Quote

Question owner

FredMcD, starting in safe mode would not tell me if it 'solved' the incident. If I came up with good Internet, I could not tell if it is due to the restart alone or the restart>safe mode.

cor-el, how could IPv6 cause a 'variable' error? It seems that if that was the problem, simple restart would not help. Do I loose anything if I disable IPv6?

It seems to me in my lay-educated mind that it has something to do with the V68, since the problem started about when I upgraded to it. The 'common' solutions suggested here (and other similar suggestions in earlier forum posts) all seem to pertain to repeatable failures.

However, I have not confirmed if Safari has the problem at the same time. Next time I get a TLS handshake incident, I'll open Safari and see. I should have thought of that. :|

FredMcD, starting in safe mode would not tell me if it 'solved' the incident. If I came up with good Internet, I could not tell if it is due to the restart alone or the restart>safe mode. cor-el, how could IPv6 cause a 'variable' error? It seems that if that was the problem, simple restart would not help. Do I loose anything if I disable IPv6? It seems to me in my lay-educated mind that it has something to do with the V68, since the problem started about when I upgraded to it. The 'common' solutions suggested here (and other similar suggestions in earlier forum posts) all seem to pertain to repeatable failures. However, I have not confirmed if Safari has the problem at the same time. Next time I get a TLS handshake incident, I'll open Safari and see. I should have thought of that. :|
Was this helpful to you?
Quote

Question owner

Had another TLS handshake failure today. Safari had the same problem. Upon computer restart, FF and Safari were successful. Closing the browser does not fix the TLS handshake failure, only a computer restart is successful.

Since it happens in multiple browsers, is it possible that Firefox is temporarily affecting a system setting?

Or does this mean it's a Mac issue and I should ask Apple support?

Had another TLS handshake failure today. Safari had the same problem. Upon computer restart, FF and Safari were successful. Closing the browser does not fix the TLS handshake failure, only a computer restart is successful. Since it happens in multiple browsers, is it possible that Firefox is temporarily affecting a system setting? Or does this mean it's a Mac issue and I should ask Apple support?
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17468 solutions 157860 answers

Try to disable IPv6 (check for other possible causes as well).

Try to disable IPv6 (check for other possible causes as well). *https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
Was this helpful to you?
Quote

Question owner

Although it was labeled for if FF does not work but other browsers do? The problem was the same when I tried using Safari. Both browsers timed out in the TLS handshake.

Although it was labeled for if FF does not work but other browsers do? The problem was the same when I tried using Safari. Both browsers timed out in the TLS handshake.
Was this helpful to you?
Quote

Question owner

OK, I followed cor-el's link for IPv6 yesterday. This morning on startup, I had the TLS handshake time out again, and again with both FF and Safari. So IPv6 is not the issue. [I changed it back to False. "It" being disable.]

Once the TLS handshake fails, both browsers won't go anywhere. I'm reporting here after a re-start, as usual, which fixes the problem.

OK, I followed cor-el's link for IPv6 yesterday. This morning on startup, I had the TLS handshake time out again, and again with both FF and Safari. So IPv6 is not the issue. [I changed it back to False. "It" being disable.] Once the TLS handshake fails, both browsers won't go anywhere. I'm reporting here after a re-start, as usual, which fixes the problem.
Was this helpful to you? 0
Quote
alex_mayorga
  • Top 25 Contributor
  • Moderator
365 solutions 2869 answers

Hi Chris!

Might be worth checking https://caddyserver.com/docs/mitm-detection to see if something is meddling with your TLS connections.

Please let us know what you find.

Thanks!

Hi Chris! Might be worth checking https://caddyserver.com/docs/mitm-detection to see if something is meddling with your TLS connections. Please let us know what you find. Thanks!
Was this helpful to you? 0
Quote

Question owner

MTM Unlikely. I guess I'll call Apple support, unless there is another idea.

MTM Unlikely. I guess I'll call Apple support, unless there is another idea.
Was this helpful to you?
Quote

Question owner

[Probably] Final Update: Bottom line, Failure!

Apple is sure it is a server problem. Comcast, UG! Finally got to a real person, three levels up, but not high enough to even know what a TLS handshake is! Can you believe it?

She noticed devices I have connected to the Internet (Oppo media player, Denon AV tuner, router, etc.) and would not help me unless all that was... I interrupted, said goodbye and hung up.

I should know that IT IS NEVER A BUSINESS THAT IS AT FAULT FOR INTERNET ISSUES, NEVER, NEVER! NEVER!

[Probably] Final Update: Bottom line, Failure! Apple is sure it is a server problem. Comcast, UG! Finally got to a real person, three levels up, but not high enough to even know what a TLS handshake is! Can you believe it? She noticed devices I have connected to the Internet (Oppo media player, Denon AV tuner, router, etc.) and would not help me unless all that was... I interrupted, said goodbye and hung up. I should know that IT IS NEVER A BUSINESS THAT IS AT FAULT FOR INTERNET ISSUES, NEVER, NEVER! '''NEVER!'''

Modified by ChrisG

Was this helpful to you?
Quote

Question owner

Never say Never, Never!

The TLS failure happened at a time when I had nothing better to do and when I had Infinite Patience. I've work(ed) with kids all my life, so I know what infinite patience is.

Lucky me, the first Comcast person to answer the phone must have been a computer hobbiest because he knew what a TLS handshake was.

He knew what department I needed but said Comcast would not give him a way to access the correct department with my kind of problem. He had to write it up as a problem with accessing On Demand, and he told me to explain why with the next person (who laughed when I did explain).

However, Comcast is not willing to admit it is their server problem without them making a service call to replace my 2 year old modem with a newer model. Even after the problem occurred after Comcast re-set my modem earlier this week. He said he would request a real IT person make the service call. I could only hope....

My Question(s):

Does this sound at all possible that it could be my comcast cable modem causing intermittent connect problems, especially given I can access sites which are (presumably) cashed on the comcast server?

When the problem happens, is there any use for (and how do I) look behind the unloaded page for programming words suggesting what the problem might be? Kind of like 'show headers' in email? Who knows if I'll be able to cause the problem to happen the morning of the tech visit. So I could copy/paste these messages for the tech.

Never say Never, '''Never!''' The TLS failure happened at a time when I had nothing better to do and when I had Infinite Patience. I've work(ed) with kids all my life, so I know what infinite patience is. Lucky me, the first Comcast person to answer the phone must have been a computer hobbiest because he knew what a TLS handshake was. He knew what department I needed but said Comcast would not give him a way to access the correct department with my kind of problem. He had to write it up as a problem with accessing On Demand, and he told me to explain why with the next person (who laughed when I did explain). However, Comcast is not willing to admit it is their server problem without them making a service call to replace my 2 year old modem with a newer model. Even after the problem occurred after Comcast re-set my modem earlier this week. He said he would request a real IT person make the service call. I could only hope.... My Question(s): Does this sound at all possible that it could be my comcast cable modem causing intermittent connect problems, especially given I can access sites which are (presumably) cashed on the comcast server? When the problem happens, is there any use for (and how do I) look behind the unloaded page for programming words suggesting what the problem might be? Kind of like 'show headers' in email? Who knows if I'll be able to cause the problem to happen the morning of the tech visit. So I could copy/paste these messages for the tech.
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4245 solutions 59390 answers

Only someone in the know at Comcast can answer those questions.

Only someone in the know at Comcast can answer those questions.
Was this helpful to you?
Quote

Question owner

Thanks Fred, okay on the first question, but I think the second question is a Firefox question.

Thanks Fred, okay on the first question, but I think the second question is a Firefox question.
Was this helpful to you?
Quote
FredMcD
  • Top 10 Contributor
4245 solutions 59390 answers

I called for more help.

I called for more help.
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17468 solutions 157860 answers

Did you try to power the router off/on when this happens? "TLS handshake fails" likely means that the internet connection is broken (it is the first state to setup the connection), so it is not an actual cause but merely a message that some hang occurs in establishing the connection.

Do you have a real network card or do or have anther way to connect (e.g. via USB) ?

Can you restart the network service without rebooting?

Did you try to power the router off/on when this happens? "TLS handshake fails" likely means that the internet connection is broken (it is the first state to setup the connection), so it is not an actual cause but merely a message that some hang occurs in establishing the connection. Do you have a real network card or do or have anther way to connect (e.g. via USB) ? Can you restart the network service without rebooting?
Was this helpful to you?
Quote

Question owner

Remember, I can access the Comcast server and any pages they cache locally, thus, the (Netgear) router is going out from my local home network to the Comcast server. BTW, email is not affected. The screen message is that the connection timed out.

I think I have a network card. I'm not a power user. I have a 27" Imac (late 2009 edition) and a router to connect to the Comcast cable modem. Other items on the router are Roku and home entertainment components such as my Denon AV tuner and two Oppo media players (to get updates and Internet Radio). But, in ALL instances, I did not have any home theater component powered up (but the Oppos send an 'alive' signal because my TV does not say lost source).

Next time it happens, I'll try power cycling the router. But if the result is that I need to restart my computer, that would not be a good test, since restart (once so far I had to restart twice) fixes the problem.

Remember, I can access the Comcast server and any pages they cache locally, thus, the (Netgear) router is going out from my local home network to the Comcast server. BTW, email is not affected. The screen message is that the connection timed out. I think I have a network card. I'm not a power user. I have a 27" Imac (late 2009 edition) and a router to connect to the Comcast cable modem. Other items on the router are Roku and home entertainment components such as my Denon AV tuner and two Oppo media players (to get updates and Internet Radio). But, in ALL instances, I did not have any home theater component powered up (but the Oppos send an 'alive' signal because my TV does not say lost source). Next time it happens, I'll try power cycling the router. But if the result is that I need to restart my computer, that would not be a good test, since restart (once so far I had to restart twice) fixes the problem.
Was this helpful to you?
Quote
alex_mayorga
  • Top 25 Contributor
  • Moderator
365 solutions 2869 answers

¡Hola Chris!

Could you please try setting up your router as detailed at https://one.one.one.one/dns/#setup-instructions and let us know if things improve then?

¡Gracias!

¡Hola Chris! Could you please try setting up your router as detailed at https://one.one.one.one/dns/#setup-instructions and let us know if things improve then? ¡Gracias!
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.