The problem with these articles is that they\u2019re written to check boxes on an SEO checklist instead of written from a security-first standpoint. And in this context that\u2019s dangerous because Google\u2019s algorithm rewards the SEO-optimized misinformation over more accurate descriptions that weren\u2019t necessarily meant to rank well.<\/p>\n
So, today we\u2019ll use our own SEO powers for good and talk about the SSL_ERROR_RX_RECORD_TOO_LONG Firefox error. There seems to be a lot of confusion over what this error actually is. What it means. How to fix it. And apparently we also need to outline some things that you definitely shouldn\u2019t do.<\/p>\n
So, let\u2019s hash it out.<\/span><\/p>\n The SSL_ERROR_RX_RECORD_TOO_LONG message from Firefox typically comes as a result of a misconfiguration on the server side. Contrary to what a lot of these guides will tell you, there usually isn\u2019t a whole lot that a regular internet user can do to overcome the SSL_ERROR_RX_RECORD_TOO_LONG message. Most of the advice is dangerous. It asks the user to adjust something to accommodate what is, in all reality, bad security on the part of the website you\u2019re trying to visit.<\/p>\n The vast majority of the time, the SSL_ERROR_RX_RECORD_TOO_LONG message occurs because of one of those two issues on the server-side. Let\u2019s go over how to fix both of these, and then we\u2019ll go over some possible other fixes from the client side\u2014as well as what not to do from the client side. Let\u2019s start with the simplest of the two\u2026<\/p>\n<\/span><\/span>\n TLS 1.3 was formally published in the middle of August as RFC 8446<\/a>. It\u2019s not exactly new though, over about 28 drafts the standard was debated and refined, but plenty of major industry players knew enough of what would be in the standard to begin rolling out support for it<\/a>. As such, most major browsers already have TLS 1.3 active<\/a> and many servers have already begun to upgrade.<\/p>\n So, what do you need to do to improve TLS version support? You\u2019re going to need to update your SSL\/TLS library<\/strong>. The majority of servers and systems use the Open SSL library, which pushed out its 1.1.1 update in September<\/a> and supports TLS 1.3.<\/p>\n If you\u2019re not ready to support TLS 1.3 for whatever reason, at least make sure you\u2019re supporting TLS 1.2. Support for TLS 1.0 and SSL 3.0 should now be fully deprecated<\/a> and disabling TLS 1.1 is also strongly advised<\/a>. So, to recap:<\/p>\n Upgrading Open SSL is going to vary from server to server, but there\u2019s plenty of documentation to help you with it<\/a>.<\/p>\n As we mentioned earlier, the correct listening port for HTTPS traffic is 443. So if you\u2019re using an irregular port or you don\u2019t have a trusted SSL\/TLS certificate<\/a> on that port, you\u2019re potentially going to trigger the SSL_ERROR_RX_RECORD_TOO_LONG message.<\/p>\n Again, the exact way to fix this is going to vary based on server type, but if you just Google: Server Name + Port 443 + HTTPS, you should be fine.<\/p>\n One more thing: be extra careful to get the exact nomenclature correct, too. For instance on NGinX servers \u201clisten 443\u201d won\u2019t work like you want, but \u201clisten 443 ssl\u201d will. Now let\u2019s talk about what can be done from a user standpoint\u2026<\/p>\n In some rare cases, clearing or bypassing the cache can fix this issue. The easiest way to test this is to just open up an Incognito or Private Window and trying to access the website that way\u2014sans cache and cookies. In addition to going incognito, you can also use:<\/p>\n This probably won\u2019t work, but it might. At least it\u2019s not actively dangerous.<\/p>\n This is the point where we officially begin approaching the dangerous advice. Here\u2019s the thing, right now Microsoft has yet to roll out full support for TLS 1.3. So, if you\u2019re a Microsoft user, it might help to drop the TLS version support down by one<\/a>. It could be a case where a website supports TLS 1.3 and Firefox thinks it does, too. But the Operating System running Firefox can\u2019t and it creates the SSL_ERROR_RX_RECORD_TOO_LONG error.<\/p>\n The way Firefox numbers its version support can be confusing. 1 is for TLS 1.0, so 4 is TLS 1.3 and 3 is TLS 1.2.<\/p>\n I can\u2019t reiterate this enough, do not go further back than TLS 1.2<\/strong>.<\/p>\n At this point TLS 1.2 has been out ten years, its successor has been published. There is almost no excuse for websites not to support at least 1.2. Previous TLS versions\u00a0 have known vulnerabilities.<\/p>\n Here are a few other pieces of non-dangerous advice that could potentially solve Firefox\u2019s SSL_ERROR_RX_RECORD_TOO_LONG message. They probably won\u2019t, because most of them don\u2019t actually deal with the source of the problem, but give them a try because who knows\u2026<\/p>\n Now let\u2019s talk about some things that you definitely shouldn\u2019t do if you\u2019re an internet user dealing with the Firefox SSL_ERROR_RX_RECORD_TOO_LONG message. A lot of these are just bad advice, and even if they would work to solve your problem they would also open up a bunch of attack vectors. You almost have to ask yourself, is going to this site worth risking an infected computer or worse? The answer is almost always no.<\/p>\n So here are a few suggestions of what NOT to do:<\/p>\n There\u2019s a reason that Google is twisting the entire internet\u2019s arm to get it to migrate to HTTPS<\/a>. HTTP has faithfully served the internet for about two decades, but it was never designed for secure transmission of data. HTTP was designed back in a time when commercial activity was banned and the internet was solely intended for sharing information between the government and academia. HTTPS was created out of necessity when commercial activity eventually did become part of the internet.<\/p>\n The quickest way to access the website that is being blocked by the irksome Secure Connection Failed message is to replace https:\/\/ with http:\/\/ at the beginning of the URL. This workaround has proved useful to many users, so you are free to give it a try.<\/p><\/blockquote>\n \u2026is retrograde and needs to be called out. Not only is this bad advice in this very specific context, but teaching people that reverting back to HTTP is just bad for cybersecurity in general. The idea is that HTTPS should become so commonplace that it\u2019s an afterthought, it\u2019s not something that should be positioned as hindrance to visiting your favorite websites.<\/p>\nWhat is SSL_ERROR_RX_RECORD_TOO_LONG?<\/h2>\n
![\"SSL_ERROR_RX_RECORD_TOO_LONG](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/bigstock-Error-Browser-Vector-Icon-Fil-242176321-e1540917868244-300x300.jpg\"){kind=icon}
Let\u2019s start by covering the two most predominant causes of the SSL_ERROR_RX_RECORD_TOO_LONG message from the server side:<\/p>\n\n
Upgrade TLS Version Support to fix SSL_ERROR_RX_RECORD_TOO_LONG<\/h2>\n
\n
![\"OpenSSL\"](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/OpenSSL.jpeg\")
<\/p>\nConfiguring the correct listening port to fix SSL_ERROR_RX_RECORD_TOO_LONG<\/h2>\n
![\"Clear](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/bigstock-Lan-Port-Icon-In-Outline-Style-262876930-e1540918005927-300x300.jpg\"){kind=icon}
<\/p>\nFixing SSL_ERROR_RX_RECORD_TOO_LONG for Regular Users<\/h2>\n
Clear your Cache<\/h2>\n
\n
Change the security.tls.version.max preference<\/h2>\n
![\"TLS](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/TLS-1.3-300x283.jpg\")
So, if you are a Microsoft user, and only if, you may want to drop support for TLS 1.3 temporarily. Here\u2019s how:<\/p>\n\n
Some other things that might fix SSL_ERROR_RX_RECORD_TOO_LONG but probably won\u2019t<\/h2>\n
\n
![\"SSL_ERROR_RX_RECORD\"](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/bigstock-210378274-300x300.jpg\")
Try browsing in Incognito mode \u2013 We touched on this earlier, but sometimes this can fix the issue.<\/li>\nWhat you definitely SHOULDN\u2019T do to fix SSL_ERROR_RX_RECORD_TOO_LONG<\/h2>\n
Don\u2019t switch to HTTP<\/h2>\n
![\"HTTP\"](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/10\/HTTP-Icon-300x237.jpg\"){kind=icon}
Today, in 2018, it\u2019s the standard. The default. You should expect your communication with websites to be encrypted as a matter of course. So advice like this<\/a>\u2026<\/p>\n
![\"Hashed](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg\")
<\/p>\n