pfsense:troubleshooting:ssl_error_rx_record_too_long
Differences
This shows you the differences between two versions of the page.
pfsense:troubleshooting:ssl_error_rx_record_too_long [2020/04/22 10:44] – created peter | pfsense:troubleshooting:ssl_error_rx_record_too_long [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PFSense - Troubleshooting - SSL_ERROR_RX_RECORD_TOO_LONG ====== | ====== PFSense - Troubleshooting - SSL_ERROR_RX_RECORD_TOO_LONG ====== | ||
+ | |||
+ | Getting the error **SSL_ERROR_RX_RECORD_TOO_LONG** when attempting to access multiple different sites, sometimes goes away with refresh but sometimes persists. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Usually when using Squid option of **Splice All** for SSL/MITM Mode. | ||
+ | |||
+ | Can't connect to 192.168.1.1: | ||
+ | |||
+ | < | ||
+ | SSL connect attempt failed error: | ||
+ | </ | ||
+ | |||
+ | Check: | ||
+ | |||
+ | <code bash> | ||
+ | openssl s_client -connect 192.168.1.1: | ||
+ | </ | ||
+ | |||
+ | returns: | ||
+ | |||
+ | <code bash> | ||
+ | ... | ||
+ | Verify return code: 21 (unable to verify the first certificate) | ||
+ | ... | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Cause ===== | ||
+ | |||
+ | The SSL_ERROR_RX_RECORD_TOO_LONG message from Firefox typically comes as a result of a mis-configuration on the server side. | ||
+ | |||
+ | The two most predominant causes of the SSL_ERROR_RX_RECORD_TOO_LONG message from the server side: | ||
+ | |||
+ | * The listening port mis-configured – If you want your website to establish secure connections you must configure it to use Port 443. | ||
+ | * The system does not support an adequate TLS version – This problem arose ten years ago with the advent of TLS 1.2 and is appearing again with TLS 1.3. | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Solution ===== | ||
+ | |||
+ | * **Services -> SquidGuard Proxy Filter -> Common ACL -> ALL to allow** | ||
+ | |||
+ | * May need to refresh the browser cache: | ||
+ | * CTRL F5 | ||
+ | * CTRL+SHIFT+r | ||
+ | * SHIFT+reload button | ||
+ | |||
+ | * Might need to turn off support for the newest and most secure connection protocol, TLS 1.3. | ||
+ | * In Firefox | ||
+ | * Type **about: | ||
+ | * In the search box above the list, type **TLS**. | ||
+ | * Double-click the **security.tls.version.max** preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2). | ||
+ | * Then click **OK**. | ||
+ | |||
+ | ---- | ||
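Review bot: The last Solution item, "edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2)", changes **security.tls.version.max** for every connection the browser makes, not only for traffic through the Squid proxy, so it should be marked as a temporary diagnostic step with an instruction to set the value back to 4 once the proxy side is fixed. The Check block reports "Verify return code: 21 (unable to verify the first certificate)", which is a certificate verification result, yet neither item under Cause (listening port, TLS version) mentions certificates; add a sentence saying what the reader should conclude from that output and which cause it points to. The first Solution item, "Common ACL -> ALL to allow", also alters filtering policy, and the page should state why it resolves the error under **Splice All** and what it permits as a side effect.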
pfsense/troubleshooting/ssl_error_rx_record_too_long.1587552248.txt.gz · Last modified: 2020/07/15 09:30 (external edit)