FF worked great on a clean upgrade on my Linux system, due to new hardware. However, after I’ve installed my eToken, TLS handshaking started to take a looong time and even timed out.
Searching on Internet revealed no useful answer: people talk about deleting cert8 or cert9 databases. My new install has a small database of a few KBs, the older one a few MBs.
I’ve noticed that if I unplug the eToken stick it works fast and flawlessly; plugged back in, same problem. Still unhappy with this kind of quick fix. So I’ve replaced the PKS11 library selected in <default FF profile>pks11.txt, from
library=/usr/lib64/onepin-opensc-pkcs11.so
name=OpenSC smartcard framework (0.20)
to
library=/lib64/libeToken.so.10
name=New PKCS#11 Module
Now it works great, super fast, even with eToken stick plugged-in. However, FF gets this back to the old contents at every restart. So, this should be modified in the Settings, by unloading PKCS modules which cause delays, maybe selecting another library; I’ve preffered to directly modify the file because it was more convenient to simply copy text to verify. Go to about:preferences#privacy, Security, Certificates, enter Security devices, use Load to select a new library, Unload to get rid of the old one. eToken is listed and it isn’t logged in.
Happy browsing! 😉