Troubled by seeing Apache ssl_error_rx_record_too_long on your website? You are not alone!
This error frequently occurs when SSL traffic is not set up properly on the target secure server.
At Bobcares, we often get requests from our customers regarding the Apache SSL certificate error as part of our Server Management Services.
Today, we’ll see how our Support Engineers find fix for our customers.
What are the causes of Apache ssl_error_rx_record_too_long?
Everyone wants their websites to be secure. But, improper implementation of security often results in errors like Apache ssl_error_rx_record_too_long.
Some possible causes for this error are:
- SSL traffic is not set up properly on the target server.
- DNS may not be correct in the DNS name on VirtualHost.
- Misconfigured proxy not allowing an SSL handshake on port 443 correctly.
But, how to fix this problem is the main question. Being in the hosting industry for more than a decade, we see many variants of SSL error. Let’s see how our Engineers handle this error in different scenarios.
What are the Fixes?
In simple terms, the fix for the SSL error involves handling the secure traffic reaching the server correctly. We’ll now take a look at the exact steps involved.
When a customer approaches us with Apache ssl_error_rx_record_too_long error, our Support Engineers initially replicate the error from our side. This eliminates any possible browser errors at the user’s computer.
We then proceed with the following actions:
1. We make sure that SSL is running on port 443. Because if SSL is running on a non-standard port, then Firefox may show this error.
netstat -lpan | grep :443We do this by adding the following in the Apache configuration httpd.conf file.
Listen 4432. Upon finding the correct port settings, we check and confirm that the SSL certificate is valid and not expired.
Also, we make sure not more than one SSL is sharing the same IP.
3. On IPv6, our Engineers include the IP Address for eliminating this error.
Listen x.x.x.x:4434. Similarly, when customers get this error on Windows, we check whether the host file on the Windows server is properly set.
If not, we do it by changing VirtualHost domain.com:443 to VirtualHost _default_:443.
Each server configuration differs and so the troubleshooting will not be identical. However, we check the path of the SSL traffic and make corrections. This solves the problem and makes the SSL version of the website working again.
[Having trouble with Apache SSL error? We’ll fix it for you.]
Conclusion
In short, we discussed in detail on possible causes and fixes for Apache ssl_error_rx_record_too_long error. Also, we saw the way by which our Support Engineers find the fix for this error.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
Добрый день. Пытаюсь настроить хост через ssl. Вроде все элементарно просто, но что то не получается. Изначальный мануал брал тут
Файл хоста:
#<IfDefine SSL>
#<IfModule !mod_ssl.c>
#LoadModule ssl_module modules/mod_ssl.so
#</IfModule>
#<IfModule mod_ssl.c>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin info@site.su
ServerName myssl.site.su
DocumentRoot /var/www/site.su/myssl/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/site.su/myssl/>
SSLRequire
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
#Alias /doc/ "/usr/share/doc/"
#<Directory "/var/www/site.su/myssl/">
# Options Indexes MultiViews FollowSymLinks
# AllowOverride None
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/255.0.0.0 ::1/128
#</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#SSLCertificateFile /etc/apache2/ssl/apache.pem
#SSLCertificateKeyFile /etc/apache2/ssl/apache.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
SSLCACertificatePath /etc/apache2/ssl/
SSLCACertificateFile /etc/apache2/ssl/apache.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd."
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 )
# or %{REMOTE_ADDR} =~ m/^192.76.162.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
#</IfModule>
#</IfDefine>
Если раскомментировать строки IfModule и IfDefine то apache стартует без ошибок, но при попытке доступа к хосту браузер пишет:
Ошибка при установлении защищённого соединения
При соединении с myssl.site.su произошла ошибка. SSL получило запись, длина которой превышает максимально допустимую. (Код ошибки: ssl_error_rx_record_too_long)
Строки:
#SSLCertificateFile /etc/apache2/ssl/apache.pemвнесены мной вместо тех что используются выше. С ними браузер выдает ту же ошибку.
#SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Браузер в любом случае выдает эту ошибку (
В логах apache при текущем конфиге пишет вот что:
[notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.18 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
Подскажите, пожалуйста, куда смотреть?
Пользователь решил продолжить мысль [time]17 Июнь 2015, 11:49:04[/time]:
Посмотрел эту статью. Поправил конфиг хоста и убрал из него все лишнее:
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin info@site.su
ServerName myssl.site.su
DocumentRoot /var/www/site.su/myssl/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/site.su/myssl/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
Ошибка в логе apache:
[error] VirtualHost xxx.xxx.xxx.xxx:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Wed Jun 17 10:40:26 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jun 17 10:40:26 2015] [notice] Apache/2.2.22 (Ubuntu) PHP/5.3.10-1ubuntu3.18 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
Пользователь решил продолжить мысль [time]17 Июнь 2015, 16:25:16[/time]:
В общем победил.
Оказывается чтоб оно корректно работало, нужно в каждом файле хоста прописать вместо
<VirtualHost xxx.xxx.xxx.xxx:443>это
и
<VirtualHost xxx.xxx.xxx.xxx:80>
<VirtualHost *:443>
и
<VirtualHost *:80>
Все заработало.
In this post, we provide 6 fixes for the “ssl_error_rx_record_too_long” error.
When you use FireFox, there might be some instances that you’ll come across an error. One of them is the “ssl_error_rx_record_too_long” error. In this article, we’re going to go through the nature of this error, what causes it, and what are the possible fixes you can use.
Anyone else seeing this error on Blogspot?
SSL_ERROR_RX_RECORD_TOO_LONG pic.twitter.com/lcj5j4MB2V
— Terence Eden (@edent) November 29, 2016
If you use the latest Microsoft OS versions (e.g. Windows 7, 8, and 10), then there will be instances where you can come across the ssl_error_rx_record_too_long FireFox error.
This error appears when you connect to a website that has an HTTPS protocol using the FireFox browser and the secure connection fails. The problem, however, is that it can be tricky to figure out the exact cause of the problem. There are various factors including:
- Protocol issues
- Browser issues
- Security settings
- Software conflicts
If you’re not tech-savvy, this might sound alarming to you. Fortunately, this problem can be easily fixed by following the fixes mentioned below.
How to Fix the ssl_error_rx_record_too_long Error?
If you find the ssl_error_rx_record_too_long error recurring, then you need to fix it immediately. Here are the following fixes you can follow:
1st Fix: Change the Connection to HTTP Protocol
The very first fix you should try is to connect to the website without the secure protocol. According to Auslogics, the changes are done to the URL so as to bypass a secure connection. To achieve this, you have to follow these steps:
- Open the site with the ssl_error_rx_record_too_long error
- On the address bar, change https:// to http://
- After that, simply reload the page by either clicking on the Refresh icon or pressing the F5 button.
2nd Fix: Update Your Browser
According to Auslogics, your Firefox browser may fail to update itself automatically in accordance with the default settings. Hence it needs to be updated manually, as this may be causing the ssl_error_rx_record_too_long error. Here’s how:
- Open or launch your Firebox browser.
- Head to the upper right corner and look for the Menu icon. Click on it.
- After that, click Help then choose About Firefox from the drop-down.
- This will take you to the browser’s version screen. If your browser is currently outdated, simply update it.
Once you have updated the browser, restart it and check if the problem is fixed. If not, you might want to proceed to the next fix.
3rd Fix: Check Your Browser’s Proxy Settings
Windows Report suggests that the proxy connection might be the cause of the error, and as such recommends that you check its settings. However, there are no specific steps for this. Additionally, the HashedOut blog recommends that you shouldn’t attempt to configure the proxy on your own unless you’re an IT admin, as a misconfigured proxy setting can only lead to more problems.
Video Guide: How To Change Proxy Settings In Google Chrome
4th Fix: Start in Safe Mode
Safe mode can help fix several errors associated with your browser. This means that even the ssl_error_rx_record_too_long error can be solved by activating Firefox’s safe mode. As a matter of fact, the safe mode switches off all add-ons and extensions for a short time before turning back to default. To go to safe mode, follow the steps below as outlined by UGetFix:
- On your Firefox browser, click Open Menu then look for Help.
- From the drop-down list, click Restart with Add-ons Disabled then click Restart.
- Press Start in Safe Mode from the dialogue window that appears.
- After that, check whether the error has been resolved.
Video Guide: Open Google Chrome In Safe Mode
5th Fix: Disable All Add-ons
If the previous fix worked for you, then there’s no longer a need to fix it anymore. However, chances are you’ll still encounter the error when you open the website on a normal browser, and one of the probable cause of this is add-ons.
Add-ons are known to be important, but sometimes, they can also be the cause of the ssl_error_rx_record_too_long error. Thus, they need to be disabled. Here are the steps outlined by Windows Report:
- While still on Safe mode, click on the Menu button.
- Press the Help button from the drop-down menu then choose Restart with Add-ons Enabled.
- After that, in Firefox’s address bar, simply type about:addons then hit Enter.
- Click Disable for each of the add-ons you have added.
- Restart Firefox then visit the website again.
Video Guide: Disabling Chrome Extensions
6th Fix: Disable Your Antivirus Temporarily
In some cases, your antivirus may interpret some SSL certificates as a threat to your browsing activities. Hence, it will block any data from the page. This may be the reason behind the ssl_error_rx_record_too_long error. By disabling your antivirus, you can probably fix this issue.
If you are using a third-party antivirus, it’s best to check its manual so you can disable it. If you are using Microsoft’s Windows Defender, here are how you can do it as what Auslogics suggested (steps will vary depending on your OS version):
Windows 10:
- Press the Windows key or simply click on Start Menu.
- Look for the Gear icon to open the Settings page.
- On the Settings page, click Update and Security.
- Go to Windows Security.
- Select Virus and threat protection. Go to its settings.
- Scroll down to the Real-time protection option then switch it off.
Window 8:
- Navigate to the Start menu then look for the Control Panel.
- Enable the Icons view on your Control Panel.
- Look for the Window Defender icon and click on it.
- Head to Settings.
- On the left side, click on Real-time protection then turn it off by unchecking the box.
- Save the changes afterward.
Window 7:
- Go to your Control Panel from the Start menu.
- Click on the Control Panel and enable the Icons view.
- Click on the Windows Defender icon.
- Head to the Tools section then look for Options.
- On the left pane, click on Real-time Turn it off by unchecking the box next to it.
- Save your settings then exit.
Video Guide: How To Disable Or Enable Windows Defender In Windows 10
Forum Feedback
We looked through different tech forums and support board to find more about the ssl_error_rx_record_too_long message and the problems users have with it. In general, people wanted to know about ssl_error_rx_record_too_long Firefox fix, ssl_error_rx_record_too_long Apache, and ssl_error_rx_record_too_long debian 9. They were also interested in ssl_error_rx_record_too_long Chrome and letsencrypt.
A site owner reported that users couldn’t access the website and that they kept getting the message that ssl_error_rx_record_too_long on all browsers and platforms.
- After he did some research on the subject, he discovered that this error was caused by an incorrect implementation of the SSL on the server side.
- The solution was to check if he had opened and enabled the 443 port on the server.
- He also recommended that you check your vhost config if you’re using Apache2 and that your SSL certificate hadn’t expired.
Another person said that the only thing that solved the ssl_error_rx_record_too_long error was to reinstall the SSL. He also mentioned that you should recheck the SSL configuration to see if you had set the SSLEngine on.
An individual shared that you might get the ssl_error_rx_record_too_long error when the SSL port was speaking in HTTP. The user also commented that the problem could be related to the user’s proxy configuration and that the problem might not be on the server-side at all.
Another computer owner commented that he had problems opening his site using Firefox, but it was working well in Chrome. In Firefox he was getting the ssl_error_rx_record_too_long error, and he was wondering if the issue was related to the SSL certificate or it was a Firefox bug.
A computer expert explains that ssl_error_rx_record_too_long occurs when you haven’t configured a certificate properly on the server’s port. The port is opened to the server, but since the configuration is not correct, users can’t access the website. The person adds that it’s an error that you are likely to encounter in web servers like Apache and Nginx.
Another individual shared that he encountered the ssl_error_rx_record_too_long problem in Apache and that he spent a lot of time researching how to fix it. Finally, he realized that it was related to an issue with the VirtualHost record because he didn’t have a VirtualHost record for the 433 port.
A person pointed out that if you’re a regular user and you can’t access a website because of the ssl_error_rx_record_too_long, you should contact the website’s owner and notify him of the problem.
- The individual states that you can do little on your part to fix the problem because it’s almost always on the server-side.
- What’s more, he warned that turning off your antivirus or switching to HTTP to bypass the issue was dangerous and probably would compromise the security of your online communications.
Another forum poster observes that ssl_error_rx_record_too_long is usually the result of two things – misconfiguration of the listening port or issues with the TSL version. The user recommends that you update your SL/TLS library if you haven’t already done it and that you check that you’re not supporting TLS 1.0 and SSL 3.0.
Another poster pointed out that using an irregular port or not having a trusted certificate would also result in a ssl_error_rx_record_too_long error and that the configuration of the port will depend on the type of server. In addition to this, he advised that you check your certificate once more to ensure that it’s working properly.
A person commented that he was getting the ssl_error_rx_record_too_long error when he was visiting different websites.
- The computer user added that reloading the page sometimes worked but other times didn’t.
- Since it was obvious that the problem was not on the server side, he was wondering what was wrong with his system.
- Other forum members advised him to clear the cache or attempt to load the page in an incognito window.
- They also said that he could write HTTPS before the URL and see if it would solve the problem.
Another user shares that if you’re using Tomcat, you should check if the connector is properly configured to use SSL and that the port number is correct. He also mentions that in Apache you should see if the Listen port matches the numbers in the VirtualHost directive.
An individual also says that you might experience the ssl_error_rx_record_too_long error if Firefox has enabled TLS 1.3 and the security software has an issue with it. You can fix that by going to typing about:config in the address bar and change the value as follows security.tls.version.max = 3.
Conclusion
One of the above fixes might work to resolve your the ssl_error_rx_record_too_long error. However, if nothing ever worked, the last option would be to reinstall your Firefox browser. It’s pretty straightforward, really. You just have to uninstall it from your programs list then download a fresh copy of the browser and install once again.
Ryan is a computer enthusiast who has a knack for fixing difficult and technical software problems. Whether you’re having issues with Windows, Safari, Chrome or even an HP printer, Ryan helps out by figuring out easy solutions to common error codes.
You may have come across the following error while trying to setup SSL certificates on Apache:
Error code: ssl_error_rx_record_too_long(Firefox) or Internet Explorer cannot display the webpage (IE)
More often than not, you have something mis-configured (Likely the listening port: 443). First, make sure that your firewall or iptables allows incoming connections on 443 (command shown on Ubuntu):
#sudo ufw allow 443
That may not have fixed your problem, but now try going to the following address:
http://www.domain.tld:443
If you’ve successfully seen something at the above page, it means your sites are listening on that port for non-ssl. I’ll assume that your apache virtual host file has something along the lines of:
NameVirtualHost *
What you’re going to want to do is force your vhosts to listen specifically on the proper ports. Change the above line to the following:
NameVirtualHost *:80
If you’re using Ubuntu your ports.conf file should likely have 443 enabled on the listening port. You may also have default-ssl listed in your /etc/apache2/sites-available/ folder, in which case you may want to enable that:
#sudo a2ensite /etc/apache2/sites-available/default-ssl
Basically, that file has the following inside of it:
... your server name / document root ... SSLEngine on SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
While you can use a single “shared” SSL certificate for multiple hosts, if each host needs its own SSL, they will need static IP addresses.
Other recommendations:
- Ensure that port
443is open and enabled on your server. This is the standard port for HTTPS communications. - If SSL is using a non-standard port then Firefox 3 can sometimes give this error. Ensure SSL is running on port
443. - If using Apache2 check that you are using port
443for SSL. This can be done by setting theports.conffile as follows:Listen 80 Listen 443 https
- Make sure you do not have more than one SSL certificate sharing the same IP address. Please ensure that all SSL certificates utilize their own dedicated IP address.
- If using Apache2 check your
vhostconfig. Some users have reported changing to_default_resolved the error.
If you use the internet frequently, you’re bound to come across error messages from time to time. When you encounter an issue like the “SSL_ERROR_RX_RECORD_TOO_LONG” message, it’s important to know how to resolve it fast so you can get back on track.
The good news is that there are simple steps you can take to fix this confusing-looking error. Most likely, this problem involves the Secure Sockets Layer (SSL) certificate configuration within your browser.
In this post, we’ll introduce this issue and explain some common reasons you might come across it. Then we’ll provide you with seven methods you can use to fix the “SSL_ERROR_RX_RECORD_TOO_LONG” error.
Let’s get started!
What Is the “SSL_ERROR_RX_RECORD_TOO_LONG” Error?
The “SSL_ERROR_RX_RECOD_TOO_LONG” error is a problem that’s specific to Mozilla Firefox. In other words, you likely won’t come across it when using other browsers, although they may have their own versions of the error.
The particular wording can vary. However, along with “SSL_ERROR_RX_RECORD_TOO_LONG”, you’ll typically see a “Secure Connection Failed” message:
This is a relatively common error. Fortunately, that means there are a handful of tried and true methods you can use to resolve it.
Before you dive into troubleshooting, though, it’ll help to have an understanding of some potential causes.
The “SSL_ERROR_RX_RECORD_TOO_LONG” message may look complicated, but this post has 7 ways to fix it so you can get back on track. 💪Click to Tweet
What Causes the “SSL_ERROR_RX_RECORD_TOO_LONG” Error?
From the above screenshot, you can see that this error message gives you a few details about the issue. For example, it mentions that the page you’re trying to view can’t display “because the authenticity of the received data could not be verified.”
It also mentions that the secure connection failed and indicates an issue with the site’s SSL certificate.
This error message may be a result of poor security on the part of the website you’re trying to visit, whether it’s your own or someone else’s. In a nutshell, the most common cause is that the SSL certificate is not properly configured, and your browser is, therefore, unable to complete the connection with the port on the server successfully.
One of the possible causes could be that you have a misconfigured listing port. Another potential reason is that your browser doesn’t currently support an adequate version of Transport Layer Security (TLS). In the past, this used to be a common issue with TLS 1.2; however, in recent years, it seems to be arising with TLS 1.3 as well.
How To Fix the “SSL_ERROR_RX_RECORD_TOO_LONG” Error in Firefox (7 Methods)
Now that we understand a little bit more about this issue, it’s time to get to work on fixing it. Below are seven methods you can use to resolve the “SSL_ERROR_RX_RECORD_TOO_LONG” error.
1. Clear Your Browser History and Cache
To get started, let’s begin with the easiest potential fix of all: clearing your browser cache and history.
To do so, open your Firefox browser and click on the hamburger menu icon (the three vertical lines in the top right-hand corner of the screen).
Next, click on Settings, followed by the Privacy & Security tab:
Next, under the Cookies and Site Data section, select Clear Data. A new window will open:
Make sure all options are selected, and then click on the Clear button. Next, on the same Privacy & Security screen, under the History section, click on Clear History.
When you’re done, restart your browser and try accessing the website that was giving you the error message. If that doesn’t work, it’s time to move on to the next fix.
2. Update and Reset Firefox
Another potential way to resolve the “SSL_ERROR_RX_RECORD_TOO_LONG” error is by updating and resetting your Firefox browser.
To do so, you can navigate to the menu icon again, and then select Help followed by About Firefox:
A new window will open:
Click on the Restart to Update Firefox button. Your computer will restart. Once it’s finished, re-open the browser and try revisiting the site.
3. Disable Your Browser Extensions
Another method you can try is disabling your browser extensions. This is especially recommended if you have any ad blockers, firewalls, or antivirus extensions.
It’s important to note that turning off any of this software permanently is not recommended. However, temporarily deactivating these tools can help you determine whether they’re the source of the problem and, if so, find an alternative.
To disable your Firefox extensions, navigate to the menu, then select Add-ons and Themes and click on the Extensions tab:
Here, you can toggle the switches to disable each extension. (If you have a lot of them, you might want a simpler way of doing this. Fortunately, you can do so by restarting Firefox in Safe Mode.)
To do this, navigate to click on the browser menu, and then select Help. Next, click on Restart with Add-ons disabled. You can also try restarting the browser in troubleshooting mode.
Once you select either of these options, a dialogue window will open. Click on Restart. Then try visiting the site returning the “SSL_ERROR_RX_RECORD_TOO_LONG” error message, to see if it still appears.
4. Try Using the HTTP Protocol
If you’re still seeing the error message, another solution you can try is bypassing the security protocol. In other words, you can remove the “s” in the “HTTPS” portion of the website address:
Once you delete the “s”, you’ll automatically switch over to the HTTP protocol. Press Enter to reload the site and see if this resolved the issue.
5. Update Your Proxy Settings
If you have the wrong proxy connections, that’s another reason you may be seeing this “SSL_ERROR_RX_RECORD_TOO_LONG” message.
To determine whether that’s the case, the first step is to disable your proxy settings. You can do that by navigating to the Firefox menu and clicking on Settings.
At the bottom of the screen, under Network Settings, select Settings:
In the window that opens, select the first option that says No proxy:
Finally, click on the OK button. Now restart the browser to see whether this has resolved the issue.
6. Change Your TLS Preferences
As we mentioned earlier, this message may be due to your TLS settings. Therefore, updating your preferences may resolve it.
To get started, enter “about:config” into your Firefox browser address bar and press Enter. A window should appear asking you to promise to be careful. Click on Accept the Risk and Continue:
Next, type “tls” into the search bar and click on Enter again. In the list, look for the option that says security.tls.version.max and double-click on it:
Now, update the TLS from “4” to “3”. Once that’s done, restart your browser and try visiting the site again.
7. Add the Site to Your Trusted Sites List
A final step you can take to resolve the “SSL_ERROR_RX_RECORD_TOO_LONG” error in Firefox is to add the website you’re trying to access to your trusted sites list.
We’ll take a look at how to fix this using Windows. Start by typing “internet options” in the search bar of your Windows menu:
In the Internet Properties window that opens, click on the Security tab, followed by Trusted Sites:
Next, click on the Sites button. A new window will open. In this window, enter the URL of the website that’s giving you the error message.
When you’re done, click on Add > Close. Finally, select Apply, then the OK button.
Now all the browsers you use on your device to access this specific website will trust it.
If you’ve ever seen this error, don’t panic. 🙅♂️This post has 7 ways to fix it quickly and easily. 🚀Click to Tweet
Summary
Encountering error messages when you’re trying to access a website can be frustrating. This is especially true when you get a confusing error code, such as “SSL_ERROR_RX_RECORD_TOO_LONG”.
As we discussed in this post, there are some simple solutions you can try to fix this error message. In addition to clearing your cache and resetting your browser, you can also try updating your proxy settings and changing your TLS preferences.
If you need further help to troubleshoot this or similar errors, you might want to get in touch with the site’s owner (or, if you’re the owner, your hosting provider). Kinsta’s support team is here 24/7 to help with errors like this one, so check out our hosting plans to learn more.
Get all your applications, databases and WordPress sites online and under one roof. Our feature-packed, high-performance cloud platform includes:
- Easy setup and management in the MyKinsta dashboard
- 24/7 expert support
- The best Google Cloud Platform hardware and network, powered by Kubernetes for maximum scalability
- An enterprise-level Cloudflare integration for speed and security
- Global audience reach with up to 35 data centers and 275 PoPs worldwide
Test it yourself with $20 off your first month of Application Hosting or Database Hosting. Explore our plans or talk to sales to find your best fit.