Closed Bug 1474206 Opened 7 years ago Closed 6 years ago

I'm experiencing very long delays "Performing a TLS Handshake". Please advise.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
61 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: gyoung, Unassigned)

References

Details

Attachments

(1 file)

unstyled-page.png
575.46 KB, image/png
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 Build ID: 20180704003137 Steps to reproduce: Just surfing my regular sites Actual results: There is a very long delay between me entering a site showing "Performing a TSL Handshake. Sometimes the delay can be up to 30 seconds. This even happens on all websites. I am on a very fast connection that is hard wired. Expected results: In the past the website would open in the browser almost immediately with no delay.
Moving hopefully to a better component.
Component: Untriaged → Networking
Product: Firefox → Core
Hi Gary, do you have antivirus software installed? I'm wondering if that could be affecting this issue.
Flags: needinfo?(gyoung)
If you don't mind, can you also check about:config, search for TLS in the big list of preference, and let me know the values that are in these two preferences: - security.tls.version.fallback-limit - security.tls.version.max Thanks very much!
Yes I use ESET antivirus. The fall back limit is 3 Max is 4
Flags: needinfo?(gyoung)
I disabled ESET antivirus and it made no difference
Summary: I'm experiencing very long delays "Performing a TSL Handshake". Please advise. → I'm experiencing very long delays "Performing a TLS Handshake". Please advise.
I've seen this lately too on a profile I run logs regularly, but didn't inspect them. When it happens, I will look into the logs, but I don't expect to find more than more questions there...
Yes it's an ongoing issue with Firefox only and I'm bummed out because I love the Firefox browser. I downloaded puffin Browser and experienced zero download lag? Not nearly as much lag with IE but I don't like or trust it.
This seems very similar to bug 1468892 Can you try one thing for me? Set security.tls.version.max to 3, restart Firefox, and try if it's still slow. Thanks
Flags: needinfo?(gyoung)
I set security.tls.version.max to 4 and the browser slowed way down and changed nothing with regard to the TLS lag.
Flags: needinfo?(gyoung)
I reset the proxy to auto-detect and then under certificates I chose select One automatically and unchecked query ocsp responder... Problem solved, no more lag.
I forgot to mention I had to restart Firefox for changes to take effect.
So, it's not clear from your previous comments - does setting security.tls.version.max to 3 do anything to improve the delays? Also, were you using a proxy before?
Flags: needinfo?(gyoung)
Sorry I meant to say setting it to 3 did nothing except slow down the browser even more and no I'm not on a proxy.
Flags: needinfo?(gyoung)
I will need-info Keeler: You may be interested in this problem.
Flags: needinfo?(dkeeler)
(In reply to Gary from comment #10) > I reset the proxy to auto-detect and then under certificates I chose select > One automatically and unchecked query ocsp responder... Problem solved, no > more lag. In about:config, what are the values of the preferences "security.OCSP.require" and "security.OCSP.timeoutMilliseconds.hard"? Can you run wireshark and capture some web traffic (port 80 and port 443) and attach the results here? Thanks!
Flags: needinfo?(dkeeler) → needinfo?(gyoung)
Lack of response.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
The problem continues with the fix being a complete browser reset. I've wasted so much time attempting 2 problem solve this issue I'd prefer to use a different browser. All suggested fixes are temporary at best.
Flags: needinfo?(gyoung)

I'm seeing similar issue with https://ceac.state.gov/genniv/ which shows flickering message of "Performing TLS handshake" at the bottom of the page. When it finally loads, the page is unstyled. I'll add a screenshot showing that.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---
Attached image unstyled-page.png

(In reply to Neha Kochar [:neha] from comment #19)

I'm seeing similar issue with https://ceac.state.gov/genniv/ which shows flickering message of "Performing TLS handshake" at the bottom of the page. When it finally loads, the page is unstyled. I'll add a screenshot showing that.

:keeler, could you take a look at this? Thanks.

Flags: needinfo?(dkeeler)

Seems to work for me now - maybe there was an outage?

Flags: needinfo?(dkeeler)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #22)

Seems to work for me now - maybe there was an outage?

I can reproduce this with Firefox 65.0.1, but can't reproduce with nightly 68.0a1.
Do you think it's worth to take a look?
If yes, I can try to find the culprit by mozregression.

Flags: needinfo?(dkeeler)

Sure - if you can find what fixed this I'd be interested to know.

Flags: needinfo?(dkeeler)

It turns out that this has something to do with the profile. Last time I was able to reproduce this with my personal profile, but not on a clean profile.

Anyway, this looks like a PSM bug to me.

Component: Networking → Security: PSM

(In reply to Neha Kochar [:neha] from comment #19)

I'm seeing similar issue with https://ceac.state.gov/genniv/ which shows flickering message of "Performing TLS handshake" at the bottom of the page. When it finally loads, the page is unstyled. I'll add a screenshot showing that.

Can you still reproduce this?

Flags: needinfo?(nkochar)

I still see the TLS connection message repeating a couple of times but the page finally loads correctly styled. It takes a couple of secs but nothing like the time it was taking before. I should also mention when I reported this issue in comment 19, the website had no issues in Chrome.
Also, now, I see the issue of "session timed out" every time when I try to retrieve my application with my existing application ID, which is not happening in Chrome.

Flags: needinfo?(nkochar)

Try clearing the cache?

Flags: needinfo?(nkochar)

I re-tried again today and was able to reproduce on release 65.0.1 but not on release 66.0.1. I had originally reproduced on nightly 68 in comment 19.

Flags: needinfo?(nkochar)

Sorry, should've clarified I'm not able to reproduce the issue in comment 19 but I am reliably able to reproduce the session timed out issue in comment 27 but it can probably be tracked in a separate bug as it is different than the original report.

Ok - thanks.

Status: REOPENED → RESOLVED
Closed: 7 years ago6 years ago
Resolution: --- → WORKSFORME

I tried reproducing this and could the first time I tried. However, (even with a clean profile) I cannot reproduce after that first time. Since this isn't reliably reproducible and isn't happening in Chrome (at least with https://ceac.state.gov/genniv/), is there a chance this is a server-side issue?

I tried with varying levels of tracking protection enabled, too, and that didn't seem to make a difference.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: