Mental Jetsam

By Peter Finch

Firefox HTTPS error ssl_error_rx_record_too_long

Posted by pcfinch on March 11, 2009

I just had an interesting problem when accessing a HTTPS (SSL) service in Firefox. I got the following error message.

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

It turned out the the HTTPS service (on port 443) was not actually a HTTPS service and it was configured as a normal HTTP service. The initial connection from the browser was communicating in HTTPS, and expecting a security certificate, but instead it was getting back the normal HTTP “Bad Request” HTML. A confusing error message, but an easy problem to fix.

About these ads

21 Responses to “Firefox HTTPS error ssl_error_rx_record_too_long”

  1. Hi Peter!

    What was your fix to this problem?

    I’m having the same issue but haven’t found a way to fix it.

    Tks

  2. dwight said

    I hit this on my debian installation. If you look in /etc/apache2/sites-available and sites-enabled/, make sure that if there is a “default-ssl” in the ‘available’ directory, that it’s also linked in the ‘enabled’ directory. Until I did this, I was getting the error.

    basically, apache is listening on port 443, but doesn’t know that it’s supposed to be using SSL on that port, until you configure it to do so.

    • Brian said

      I was trying to figure this out all day and I finally got it resolved because of your post. THANK YOU!

      • peatuhacs said

        sorry how do you actually configure it?

      • Fred said

        Website needs to be both enabled AND available.
        For this, you need to create a symbolic link into the sites-enabled folder and restart apache:

        cd /etc/apache2/sites-enabled
        ln -s ../sites-available/default-ssl default-ssl
        /etc/init.d/apache2 reload

  3. create ssl certificate for apache on ubuntu 8.04 :
    sudo mkdir /etc/apache2/ssl
    sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

    cd /etc/apache2/sites-available
    cp default ssl

    edit ssl, add
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    enable site,
    a2ensite ssl
    you also need to change in ssl …

    VirtualHost *:80
    to…
    VirtualHost *:443

    then restart/reload apache

    (khusyal singh
    from india)

  4. aniket said

    i hav a problem during opening sute orkut and facebook it tells me that permitted length exceeds, i dnt knw how to cure it please give me some suggestions…

  5. david said

    This issue is about openssl 0.98e, I had same problem after upgrading openssl 0.97 to 0.98

  6. pain said

    still cant resolve my problem. hope i can find step by step tutorial about this

  7. saxi said

    i have own problem only with facebook i can not open this site and i don`t know why??? i want help :D thank u!!!

  8. Tiago said

    redirecionamento de portas no firewall estavam causando isto..

  9. Tiago said

    sorry, in english, port rdr is the cause for my problem –> client side.

  10. Wondering how to do this on a shared server

  11. Steve said

    I started getting this from socialfixer (Facebook app) today on Firefox but not on iron. I always use https on Facebook. I haven’t done anything to change port 443 to my knowledge. I’ll ask the socialfixer guy if he knows why it’s happening.

  12. James said

    I had the same issue, but the debian fix as above worked for me.

    Thanks

  13. Aaron said

    Guys, I had this issue running only Tomcat as the servlet engine. I have found the cause of the issue to be format of the SSL connector in the server.xml file. When I pasted in the connector string from my own notes it was failing despite no word wrap on the source notepad string. After finding no useful answers on google anywhere I decided to modify the existing connector in the original server.xml to add the key store and trust store manually and it resolved the issue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: