SSL_ERROR_RX_RECORD_TOO_LONG failure

Hello guys!

I know there are a lot of users reporting that the browser returns SSL_ERROR_RX_RECORD_TOO_LONG, but I did not find any solution for my problem… so I hope that you can help me.

I am using HAProxy as a forwarding proxy! I got any local server and so I am not using load balancing.
To make it easier… my simplified haproxy.conf:

frontend https_front
    bind *:443 transparent
    mode tcp

    # some ACLs…

    use_backend https_back

backend https_back
    mode tcp
    source 0.0.0.0 usesrc client
    server sv 0.0.0.0

Everything works great! UNTIL I change the server config to “server sv 0.0.0.0 ssl”. When I configure it this way, the client’s browser shows: An error occurred during a connection to www.facebook.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

Why do I need the ssl option? I added a fetch method to the source code to read out the common name of the backend server’s certificate, and this only works if the ssl option is present - otherwise it seems that HAProxy does not verify the backend connection as an SSL/TLS connection, and so I cannot get the certificate (in an easy way).

Maybe you have ideas for me… this would save me a lot of time editing more code.

Having SSL on the server line will make it try to connect with SSL to the backend (re-encrypt). As you are not offloading the SSL, this is not required.

If you do decide that you need it then add SSL to the frontend also to decrypt the SSL.

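To see why a TLS client reports a record that "exceeded the maximum permissible length", the following added example (not code from the thread or from HAProxy) parses the first five bytes of a reply the way a TLS stack reads a record header. It assumes the bytes reaching the browser are not a TLS record, for example a plaintext HTTP reply, which the thread does not confirm; the function name and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record header: content type (1 byte), legacy version (2), length (2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Upper bound for an encrypted record in TLS 1.2 (RFC 5246, section 6.2.3).
MAX_CIPHERTEXT_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first five bytes a peer sent as a TLS record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "version": (major, minor),
        "length": length,
    }
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_CIPHERTEXT_LEN:
        result["verdict"] = "plausible TLS record"
    elif data[:5] == b"HTTP/":
        # 'P' and '/' land in the length field: 0x502F = 20527 bytes.
        result["verdict"] = "plaintext HTTP where TLS was expected"
    elif length > MAX_CIPHERTEXT_LEN:
        result["verdict"] = "not TLS: declared length exceeds the record limit"
    else:
        result["verdict"] = "not TLS: unknown content type or version"
    return result


# Constructed samples, not captured traffic.
SAMPLE_TLS = bytes.fromhex("160303004a") + b"\x02" + b"\x00" * 73
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP)):
        print(name, classify_first_bytes(sample))
```

Feeding it the first bytes from a packet capture taken on the client side shows whether the proxy is returning a TLS record or something else.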