SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

16

80

I followed the official docs on https setup located here: https://help.ubuntu.com/6.06/ubuntu/serverguide/C/httpd.html#https-configuration

I had to remove the +CompatEnvVars from

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

because it said it was an invalid command or something. So having removed that and following the instructions to the nail, I get the error:

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

I'm new to SSL, any advice on what's going wrong?

Shower answered 29/3, 2010 at 14:38 Comment(0)
82

I've just experienced this issue. For me it appeared when some erroneous code was trying to redirect to HTTPS on port 80.

e.g.

https://example.com:80/some/page

By removing the port 80 from the URL, the redirect works.

HTTPS by default runs over port 443.

Catenane answered 31/8, 2010 at 13:55 Comment(2)
I had a case where my <VirtualHost *:443> was written <VirtualHost *:443"> (the double quote was a typo, obviously) – Grisgris
Changing the reference to the gpgkey in my yum.repos.d/filename.repo from https to http fixed the similar issue I had – Azpurua
32

I used

a2ensite default-ssl

and it worked like a charm.

If you want to force e.g. phpmyadmin to use SSL/https you will run into this problem if this link is missing.

Tallulah answered 6/8, 2012 at 17:4 Comment(0)
25

I had that same error. I forgot to create a link from sites-enabled/000-default-ssl to the sites-available/default-ssl file.

> ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 
Frederickafredericks answered 25/3, 2011 at 19:58 Comment(0)
16

This seems to be the result you see from Firefox when the server is not configured properly for SSL. Chrome, BTW, just gave a generic "ssl failed" code.

What happens is that the browser sends an SSL handshake when the server is expecting an HTTP request. Server responds with a 400 code and an error message that is much bigger than the handshake message that the browser expects. Hence the FF message.

As we can see from the responses here there are many things that can break the SSL configuration but not stop the server starting or give any hints in error.log.

What I did was systematically check down all the answers until I finally found the right one, right at the bottom.

Here is what I had in the access logs:

rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:39:32 +1300] "\x16\x03\x01" 400 0 "-" "-"
rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:39:46 +1300] "\x16\x03\x01" 400 0 "-" "-"
rfulton.actrix.co.nz:80 192.168.1.3 - - [09/Oct/2016:13:49:13 +1300] "\x16\x03\x01" 400 0 "-" "-"
Stethoscope answered 9/10, 2016 at 1:40 Comment(0)
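
The mechanism described in the answer above, as an added example that is not part of the original post: the first function reads a plaintext HTTP reply as a TLS record header to show where the "record too long" length comes from, and the second finds TLS handshakes that reached a plain-HTTP listener in an access log of the format shown above. The function names and the sample log lines are constructed for illustration.

```python
import re
import struct

# TLS record header: content type (1), version major/minor (2), length (2).
# RFC 5246 caps a ciphertext record at 2**14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def classify_reply(first_bytes: bytes) -> str:
    """Read the first 5 bytes of a server reply as a TLS record header."""
    if len(first_bytes) < 5:
        return "short read"
    ctype, major, _minor, length = struct.unpack("!BBBH", first_bytes[:5])
    if length > MAX_RECORD_LEN:
        return f"record too long: {length} > {MAX_RECORD_LEN}"
    if ctype in CONTENT_TYPES and major == 3:
        return f"tls {CONTENT_TYPES[ctype]} record, {length} bytes"
    return "not a tls record"


# Apache escapes non-printable request bytes, so a ClientHello that reached a
# plain-HTTP listener is logged as "\x16\x03..." with status 400.
LOG_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) .*?'
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')


def tls_on_plain_http(log_lines):
    """Return (vhost, port, client) for each TLS handshake answered with 400."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m["status"] == "400" and m["req"].startswith("\\x16\\x03"):
            hits.append((m["vhost"], int(m["port"]), m["client"]))
    return hits


# Constructed sample input (not taken from a real server).
SAMPLE_LOG = [
    r'www.example.test:80 192.0.2.10 - - [09/Oct/2016:13:39:32 +1300] "\x16\x03\x01" 400 0 "-" "-"',
    r'www.example.test:443 192.0.2.10 - - [09/Oct/2016:13:40:02 +1300] "GET / HTTP/1.1" 200 512 "-" "curl/7.50"',
]

if __name__ == "__main__":
    print(classify_reply(b"HTTP/1.1 400 Bad Request\r\n"))  # plaintext reply
    print(classify_reply(b"\x16\x03\x03\x00\x5a"))            # real TLS record
    print(tls_on_plain_http(SAMPLE_LOG))
```

The vhost and port reported by `tls_on_plain_http` identify the listener that is answering in plain HTTP, which is the one whose SSL site or `SSLEngine` setting needs checking.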
8

This error also occurs when you have enabled the SSL module (i.e. you have run e.g. a2enmod ssl) but not yet enabled any SSL site entries (i.e. you have not run e.g. a2ensite default-ssl).

Schooner answered 13/12, 2012 at 13:4 Comment(0)
6

I got this error when I was trying to access a url using curl:

curl 'https://example.com:80/some/page'

The solution was to change https to http

curl 'http://example.com:80/some/page'
Feed answered 21/3, 2019 at 6:13 Comment(5)
How is this a solution? You are now accessing over http rather than https! – Cordi
Let's say, it could help an api developer bypass the issue and keep working while the network team is looking into the actual issue. – Feed
You can't call this a solution, that would be a workaround! And you're assuming there's another team taking care of the server... Why not assume the error and edit your answer instead of giving excuses? – Cordi
I did the same thing, changed https to http. For me the reason was that the SSL was installed at the LB, and I was executing the cURL command on the server itself. So, removing the s was a solution to test my API rather than some workaround – Claudeclaudel
The solution would probably have been to use curl https://example.com/some/page without the 80 port number. – Hobble
4

In my case, I needed to install mod_ssl first

yum install mod_ssl
Vanward answered 11/8, 2016 at 20:29 Comment(0)
3

In my case I copied a ssl config from another machine and had the wrong IP in <VirtualHost wrong.ip.addr.here:443>. Changed IP to what it should be, restarted httpd and the site loaded over SSL as expected.

Benzophenone answered 15/2, 2016 at 19:33 Comment(0)
3

Finally found out the problem:
port 443 was listening on HTTP instead of HTTPS; changing it to HTTPS solved my issue.

Brasserie answered 28/12, 2020 at 8:33 Comment(1)
This helped me realize I had not set the HTTP certificate paths during XCP-NG test installation. A simple config correction and update fixed it. – Purpure
1

In my case I accidentally used SSL in the Virtualhost configuration for port 80, instead of 443.

Hetaerism answered 19/8, 2012 at 7:57 Comment(0)
1

In my case, an Ubuntu system, in ports.conf I had

NameVirtualHost *:80
NameVirtualHost 192.168.1.79
Listen 80

And then, inside , I had

NameVirtualHost *:443
Listen 443

All I had to do was remove the line NameVirtualHost 192.168.1.79. Restarted apache and problem solved.

Eleazar answered 9/11, 2012 at 21:25 Comment(1)
apache2 2.4.7 says NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:xx – Absorbance
1

My case is related to Greg B's -- Visual Studio creates two sites when SSL is enabled -- one for secure, and one for normal http requests. However Visual Studio chooses two ports at random, and depending on how you start the debugger you might be pointing towards the wrong page for the request type. Especially if you edit the URL but don't change the port number.

Seeing these posts jogged my memory.

I know this isn't APACHE related, but it is definitely a page that people with that error will find.

Unwise answered 7/10, 2015 at 14:50 Comment(0)
0

I got the same error after enabling TLSv1.2 in webmin. Right after I enabled TLSv1.2 by accident thinking it was SSLv2, I was not able to log in from https://myipaddress:10000 like I did before. I found this link http://smallbusiness.chron.com/disable-ssl-webmin-miniserv-60053.html and it helped me because I was able to access webmin config file and I was able TLSv1.2

Defendant answered 30/5, 2017 at 22:14 Comment(0)
0

If you are upgrading from an older version of apache2, make sure your apache sites-available conf files end in .conf and are enabled with a2ensite

Flaccid answered 4/6, 2019 at 9:57 Comment(0)
0

The solution below worked for me:

Type About:Config in the Address Bar and press Enter.

“This Might void your warranty!” warning will be displayed, click on I’ll be careful, I Promise button.

Type security.ssl.enable_ocsp_stapling in search box.

The value field is true, double click on it to make it false.

Now try to connect your website again.

Katabatic answered 23/10, 2019 at 20:18 Comment(1)
What does this do? Could you explain your answer and why it works? – Metaprotein
0

On my side, the error occurs if nginx.conf looks like

server {
listen 443;
}

curl: (35) SSL received a record that exceeded the maximum permissible length.

Solution:

server {
listen 443 ssl;
}

It's working fine after adding ssl after 443.

Accolade answered 7/4, 2022 at 15:6 Comment(0)
