Tuesday, May 29, 2012

ssl_error_rx_record_too_long and Apache SSL


I've got a customer trying to access one of my sites, and they keep getting this error > ssl_error_rx_record_too_long



They're getting this error on all browsers, all platforms. I can't reproduce the problem at all.



My server and myself are located in the USA, the customer is located in India.



I googled on the problem, and the main source seems to be that the SSL port is speaking in HTTP. I checked my server, and this is not happening. I tried the solution mentioned here , but the customer has stated it did not fix the issue.



Can anyone tell me how I can fix this, or how I can reproduce this???



PS: If you can reproduce the problem with the following URL please let me know!



THE SOLUTION



Turns out the customer had a misconfigured local proxy!



Hope that helps anyone finding this question trying to debug it in the future.


Source: Tips4all

14 comments:

  1. The link mentioned by Subimage was right on the money for me. It suggested changing the virtual host tag, ie, from <VirtualHost myserver.example.com:443> to <VirtualHost _default_:443>


    Error code: ssl_error_rx_record_too_long

    This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate.

    Below are some things we recommend trying.


    Ensure that port 443 is open and enabled on your server. This is the standard port for https communications.
    If SSL is using a non-standard port then FireFox 3 can sometimes give this error. Ensure SSL is running on port 443.
    If using Apache2 check that you are using port 443 for SSL. This can be done by setting the ports.conf file as follows

    Listen 80
    Listen 443 https

    Make sure you do not have more than one SSL certificate sharing the same IP. Please ensure that all SSL certificates utilise their own dedicated IP.
    If using Apache2 check your vhost config. Some users have reported changing <VirtualHost> to _default_ resolved the error.
    Make sure that your SSL certificate is not expired



    That fixed my problem. It's rare that I google an error message and get the first hit with the right answer! :-)

    ReplyDelete
  2. In my case I had to change the <VirtualHost *> back to <VirtualHost *:80> (which is the default on Ubuntu). Otherwise, the port 443 wasn't using SSL and was sending plain HTML back to the browser.

    You can check whether this is your case quite easily: just connect to your server http://www.example.com:443. If you see plain HTML, your Apache is not using SSL on port 443 at all, most probably due to a VirtualHost misconfiguration.

    Cheers!

    ReplyDelete
  3. The solution for me was that default-ssl was not enabled in apache 2.... just putting SSLEngine On

    I had to execute a2ensite default-ssl and everything worked.

    ReplyDelete
  4. In my case I had forgot to set SSLEngine On in the configuration. Like so,

    <VirtualHost _default_:443>
    SSLEngine On
    ...
    </VirtualHost>


    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslengine

    ReplyDelete
  5. I'm thinking it could also be caused by a misconfigured proxy at their side of things. Any thoughts on that as well?

    ReplyDelete
  6. please see the following

    http://www.errorhelp.com/index.php/search/details/69648/ssl_error_rx_record_too_long

    #

    I looked in all my apache log files until I found the actual error (I had changed the from default to my fqdn). When I fixed this error, everything worked fine.

    #

    ReplyDelete
  7. If you have the error after setup a new https vhost and the config seems to be right, remember to link in sites-enabled too.

    ReplyDelete
  8. In my case the problem was that https was unable to start correctly because Listen 443 was in "IfDefine SSL" derective, but my apache didnt start with -DSSL option. The fix was to change my apachectl script in:

    $HTTPD -k $ARGV


    to:

    $HTTPD -k $ARGV -DSSL


    Hope that helps somebody.

    ReplyDelete
  9. My problem was due to a LOW MTU over a VPN connection.

    netsh interface ipv4 show inter

    Idx Met MTU State Name
    --- --- ----- ----------- -------------------
    1 4275 4294967295 connected Loopback Pseudo-Interface 1
    10 4250 **1300** connected Wireless Network Connection
    31 25 1400 connected Remote Access to XYZ Network


    Fix:
    netsh interface ipv4 set interface "Wireless Network Connection" mtu=1400

    It may be an issue over a non-VPN connection also...

    ReplyDelete
  10. I had a messed up virtual host config. Remember you need one virtual host without SSL for port 80, and another one with SSL for port 443. You cannot have both in one virtual host, as the webmin-generated config tried to do.

    ReplyDelete
  11. Ask the user for the exact URL they're using in their browser. If they're entering https://your.site:80, they may receive the ssl_error_rx_record_too_long error.

    ReplyDelete
  12. I had the same problem in some browser to access to my SSL site.
    I have found that I had to give to fireFox the right proxy (FireFox was accessing directly to internet).

    Depending of the lan configuration (Tunneling, filtering, proxy redirection), the "direct access to internet" mode for FireFox throws this error.

    ReplyDelete
  13. In my case, I had the wrong IP Address in the virtual host file. The listen was 443, and the stanza was <VirtualHost 192.168.0.1:443> but the server did not have the 192.168.0.1 address!

    ReplyDelete
  14. Old question, but first result in Google for me, so here's what I had to do.

    Ubuntu 12.04 Desktop with Apache installed

    All the configuration and mod_ssl was installed when I installed Apache, but it just wasn't linked in the right spots yet. Note: all paths below are relative to /etc/apache2/

    mod_ssl is stored in ./mods-available, and the SSL site configuration is in ./sites-available, you just have to link these to their correct places in ./mods-enabled and ./sites-enabled

    cd /etc/apache2
    cd ./mods-enabled
    sudo ln -s ../mods-available/ssl.* ./
    cd ../sites-enabled
    sudo ln -s ../sites-available/default-ssl ./


    Restart Apache and it should work. I was trying to access https://localhost, so your results may vary for external access, but this worked for me.

    ReplyDelete