TLS or Transport layer security is an encryption protocol. It is designed so that communication via TLS remains secure and private. In this article, I will explain what is the TLS handshake and how to fix it if you are having problems.
Before going ahead and talking about the TLS handshake, let know when the TLS occurs. TLS is used whenever you access a website or application over HTTPS. When you access e-mails, messages and even VOIP, it uses TLS. You should know that HTTPS is an implementation of TLS encryption.
What is the TLS handshake
A handshake is a form of negotiation between two ends. Like when we meet people, we shake hands, and then we move on. On similar lines, TLS negotiation is a form of acknowledgment between two servers.
When establishing the TLS link, the servers check each other, establish encryption and exchange keys. If everything is authentic and as expected, more data exchange will take place. There are four main stages:
- Specify which version of TLS will be used for communication.
- Choose the encryption algorithms that will be used
- Authenticity is verified using the public key and the digital signature of the SSL Certificate Authority.
- Session keys are generated and exchanged
In simple terms, they say hello first, then the server offers a certificate that the client should check. Once the verification is complete, a session is generated. A key is created through which data is exchanged during the session.
How to repair the TLS handshake
You can not do anything if there is a server-side problem – but you have a problem with the browser, it can be fixed. For example, if the server offers a certificate that can not be authenticated, you can not do anything about it. However, if the problem is a TLS incompatibility, you can modify it from the browser.
- Check if the system time is correct
- Check the man in the middle problem
- Change the TLS protocol on Windows
- Delete browser profile or certificate database
- Reset the browser.
TLS trading can fail for many other reasons, and it depends on the scenario. Here are some ways to fix TLS, but before that, always use these rules to filter the problem.
- Check with different sites and if the problem persists.
- Switch to multiple network connections, i.e. WiFi or wired
- Change network, that is to say connect to a mobile access point or another router or even try a public network
1) Check if the system time is correct
This is the main reason why the TLS handshake has failed most of the time. The system time is used to check if the certificate is valid or has expired. In case of incompatibility between the time of your computer and that of the server, the certificates may seem out of date. Set the time by setting it to automatic.
Now, visit the website again and check if the TLS handshake has been fixed.
2) Man in the middle problem
There is a rule if this happens for a site, then its security software problem, but if this happens for all websites, it is a system problem.
It is possible that your computer's security software or browser extension intercepts TLS connections and changes something that causes TSL negotiation issues. It is also possible that a virus on the system will cause the whole problem TLS.
Some browser extensions change the proxy settings, which may be causing this problem.
In either case, you must repair your computer or security software. The best way to verify this is to use another computer and open the same website or application that was causing the problem.
3) Modify the TLS protocol on Windows
Windows 10 and earlier versions of Windows centralize the system's protocol settings. If you need to change the version of TLS, you can do it using Internet Properties.
- Type inetcpl.cpl in the prompt and press the Enter key.
- Once the Internet Properties window opens, go to the Advanced tab.
- Scroll to the end to find the Security section and you can add or remove TLS.
- If the website searches for TLS 1.2 and it is not checked, you must check it. Likewise, if someone is experimenting with TLS 1.3, you must check it.
- Apply to save and try to open the same website again.
While Chrome, IE and Edge use Windows features, Firefox, like its certificate database, manages itself. Here's how to change the TLS protocol in Firefox:
- Open Firefox, type about: config and press Enter
- In the search box, type TLS and locate security.tls.version.min
- You can change it for:
- 1 and 2 to force TLS 1 and 1.1
- 3 to force TLS 1.2
- 4 to force a maximum protocol of TLS 1.3.
4) Delete the browser profile or the certificate database
Each browser maintains a database for certificates. For example, each Firefox profile has a cert8.db file. If you delete this file and a restart corrects it, the problem is related to the local certificate database.
Similarly, on Windows, when you use IE or Edge, the Certificate Manager is responsible or you can access the edge: // parameters / privacy and click Manage certificates and HTTPS / SSL settings. Delete certificates and try again
If you can not find the database, delete the profile and try again.
4) reset the browser
This is the last resort if you encounter the problem with one of the browsers. You can choose to completely uninstall and then reinstall or reset the browser using the built-in feature. Follow the links to reset Chrome, Microsoft Edge, and Firefox.
Finally, although you can browse a website even if the certificate is invalid, be careful not to make such a transaction on the website. You must not use a credit card or enter the password for your account.
We hope that these tips have been easy to follow and that you have been able to solve the TLS problem on your browser or on your computer. I've tried my best to offer you a sufficient solution, but honestly, TLS is extremely vast and other solutions may be available.