SSL_ERROR_RX_RECORD_TOO_LONG: 9 Solutions for Site Owners and Visitors
SSL_ERROR_RX_RECORD_TOO_LONG – Not sure what this error is or why you’re getting it? Here’s what to know about it and how to get rid of it
If you’re wondering how to bypass the “Secure Connection Failed” page with the “SSL_ERROR_RX_RECORD_TOO_LONG” error message, then you are in luck! In this article, we’ll cover nine proven solutions for site visitors and admins that will help you avoid or fix this error.
Let’s start with a few quick notes:
- SSL_ERROR_RX_RECORD_TOO_LONG is a server-side error. As a website visitor, you can only bypass this error or force browser to trust and open the website temporarily. Only a website owner can bring a permanent solution to this problem.
- This server-side error is experienced only in Firefox. However, even if you switch to another browser, it’ll just show a slightly different error message.
- The issue results from an SSL/TLS certificate misconfiguration. If you are a website owner: SSL_ERROR_RX_RECORD_TOO_LONG indicates that you haven’t configured your TLS/SSL certificate properly. Please scroll down the article and check out the solution for the website-owner.
How to Resolve SSL_ERROR_RX_RECORD_TOO_LONG as a Site Visitor
These solutions are listed for website visitors only. You don’t need to apply all of them. Just try them, one-by-one, until one finally works on your system and allows you to bypass the SSL_ERROR_RX_RECORD_TOO_LONG error page.
Don't make the same mistakes
Yahoo, Equifax, Home Depot,
LinkedIn, and Ericsson did!
Get our free 15-point checklist and
avoid the same costly pitfalls.
Contact details collected on InfoSec Insights may be used to send you requested information, blog update notices, and for marketing purposes. Learn more...
Solution 1: Configure the TLS Version Acceptance Level
Some SSL certificates support the older TLS versions such as TLS 1.1 or TLS 1.2. While Firefox’s security settings are configured in a way that it accepts only the latest TLS version, i.e. TLS 1.3. If Firefox encounters with the SSL certificate that supports old TLS version, it shows the SSL_ERROR_RX_RECORD_TOO_LONG error.
By changing the Firefox’s TLS acceptance level, you can make it accept the websites that use SSL certificates supporting older TLS version. This is the safest method to bypass SSL_ERROR_RX_RECORD_TOO_LONG error because you will be still accessing the website that encrypts the data using an HTTPS protocol.
- Write “about:config” in the Firefox address bar.
- Click on the I accept the risk button.
- Now, search for “security.tls.version.max” and double click on it.
- Set security.tls.version.max as “3.”
- Search “security.tls.version.min” in the search box and double click it.
- Set security.tls.version.min as “0.”
By doing this, you’re instructing Firefox to accept the websites that are running on any TLS version, including on TLS 1.1, TLS 1.2, TLS 1.3, and TLS 1.0.
If this tip doesn’t work, move to the next solution.
Solution 2: Clear Browsing History and Cache Memory
Sometimes, the website owner has already resolved the SSL_ERROR_RX_RECORD_TOO_LONG error on the server side, but Firefox’s cache memory is still displaying old information. Clearing your browsing history, cookies, and cache memory might resolve this issue:
- Open Firefox and navigate to Options from the top-right drop-down menu.
- Go to Privacy and Security from the left menu bar.
- Click on Clear Data in the Cookies and Site Data section.
- Select Clear History.
- Select all the options and click on Clear Now.
Note: From this point on, all of the site visitor solutions are risky because you will be accessing the website that has a misconfigured SSL/TLS certificate and is transferring your data using unsecured HTTP channel. Use them only when you are 100% sure that website you are approaching is safe!
Solution 3: Trusted Sites Configuration
When you add a website in your “trusted site” list, all the browsers will trust it regardless of its SSL/TLS configuration. To add a site to your trusted site list:
- Search Internet Options in your Windows search bar.
- In the Internet Properties window, click on the Security tab.
- Select Trusted Sites.
- Click on the Sites button — a new window will pop-up.
- Manually add the URL of the website that’s displaying the error message. Select Add and then Close.
- Back in the Internet Properties window, click Apply and OK. That’s it!
Solution 4: Shift to Using the HTTP Protocol
One of the easiest solutions for SSL_ERROR_RX_RECORD_TOO_LONG error is to shift from HTTPS to HTTP protocol. Note: We’re informing you that this is an option to get rid of the error. However, it’s not an ideal solution to ever connect to a website using the insecure HTTP protocol because it leaves you at risk.
If the website does not have a 301 redirect, then only this solution will work.
In the address bar, the website you are trying to open will be starting with HTTPS://. Simply remove the letter “s” from HTTPS:// and open the website using HTTP://.
However, this solution might not work if the website has already redirected to the HTTPS. If that is the case, move on to the next solution.
Solution 5: Open the Website in Safe Mode
Sometimes, the security add-ons don’t open websites using misconfigured SSL certificates. When you restart Firefox in safe mode, all the add-ons are disabled, and you’ll be able to access the site.
To start Firefox in safe mode: Click on the browser menu (three lines on the right side of the window).
- Navigate to Help.
- Select Restart with Add-ons Disabled…
- Select the Restart Tab
- Click on Start in Safe Mode.
That’s it! If it worked, congratulations. If not, let’s try the next method.
Solution 6: Change Your Proxy Settings
Sometimes the wrong proxy connections can also cause the SSL_ERROR_RX_RECORD_TOO_LONG message to display. You can disable proxy settings to check whether it is the culprit that causes this error by doing the following:
- Go to Firefox menu and click on Options.
- Locate Network Settings and click on Settings.
- Select No Proxy option. Click OK and restart the browser.
Solution 7: Temporarily Disable Your Antivirus and Firewall
Most of antivirus software and firewalls have SSL scanning capabilities. So, even after you have instructed browsers to bypass the SSL related errors, the antivirus program would still block the websites with misconfigured SSL certificates.
Just go to your antivirus software or firewall and search for the SSL related settings. It could be named as “HTTPS Scanning,” “Scan SSL,” “show the safe result,” “Do not scan encrypted connections,” etc. disable such settings. If you don’t find any such setting area, you can disable the antivirus/firewall temporarily.
Note: Disabling your antivirus and firewall is a risky step — one that we never recommend. If you decide to try this option, be sure to reactivate the solution(s) you disable after you get access to the website you want.
Well, that’s the end of it. Now, it’s time to move on to helping site owners and admins fix this issue with their sites.
SSL_ERROR_RX_RECORD_TOO_LONG as a Website Owner
As we mentioned above, SSL_ERROR_RX_RECORD_TOO_LONG is a server-side error. This means that only you — the website owner or webmaster — can resolve this error with one of the following solutions listed below.
Solution 1: Configure the Listening Port
Without an SSL/TKS certificate, all the traffic between a browser and your server travels using the port 80 (also called the “listening port”). When you install an SSL certificate on your server, it enables port 443 for data transmission, which allows you to use the secure HTTPS protocol.
If you haven’t configured your SSL certificate properly to support the use of port 443, then any web traffic for the site will faces obstacles to pass through it.
All the servers have different ways to configure the TLS/SSL certificate. Below are the links for Apache and Linux.
If you’re using other servers, please search “Port 443 + HTTPS + Your server name” to find additional resources.
Solution 2: Update Your TLS/SSL Library
SSL_ERROR_RX_RECORD_TOO_LONG can also appear when your server/system doesn’t support your TLS version. You can tackle this issue by updating the SSL library in OpenSSL. Most browsers already support TLS 1.3, and many servers are working on upgrading to support it. So, make sure TLS 1.3 is enabled.
If nothing else:
- ensure you’re supporting TLS 1.2 at the minimum, and
- disable any deprecated versions (such as SSL 3.0 and TLS 1.0, and TLS 1.1 after March 2020) immediately.
A Final Word
If you are a website visitor and have decided to proceed further with any unsecured solutions to access the website, be careful. Don’t share any financial information such as payment card numbers, bank account numbers or any personally identifiable information (PII) such as email address, phone number, physical address, social security number, etc., on such website.
SSL_ERROR_RX_RECORD_TOO_LONG is a server side error and when you force your browser to ignore it, you will be approaching a website that’s not encrypting your data and hence, making it vulnerable for data theft and man-in-the-middle attacks.
No comments