This article shows how to fix web browsing that fails with the error code SSL_ERROR_RX_RECORD_TOO_LONG, using facebook.com as the example.
Error code "SSL_ERROR_RX_RECORD_TOO_LONG" means the web server is sending non-secure (HTTP) data where the web browser expects secure (HTTPS) data.
Security policy on the firewall: (refers to URL filtering profile facebook test)
URL Filtering profile on firewall: (social-networking category has action of continue)
With an action of continue on the URL category, the firewall will send a redirect message to the client to prompt users to click Continue to proceed to the web page, as follows:
This Continue redirect message sent by the firewall is an HTTP response:
Note: This redirect message shows the URL category and the security policy rule matched by this traffic.
When browsing to www.facebook.com, the browser makes a request for https://www.facebook.com, as below:
In this case, the browser requested the page over HTTPS, so it treats the HTTP redirect message that the firewall sends for the continue action as an invalid response and shows the error SSL_ERROR_RX_RECORD_TOO_LONG.
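Why a plain HTTP reply surfaces under that error name, as an added example that is not part of the original article: a client expecting TLS reads the first five bytes as a record header, so the ASCII text "HTTP/" decodes to a declared record length of 20527 bytes, above the RFC 5246 limit of 2^14 + 2048. The function names and both sample byte strings are constructed for illustration.

```python
import struct

# RFC 5246, section 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048.
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data


def parse_record_header(data: bytes) -> dict:
    """Read the 5-byte TLS record header: type (1) | version (2) | length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    return {"content_type": content_type, "version": version, "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client expecting TLS actually received on port 443."""
    hdr = parse_record_header(data)
    looks_like_tls = (
        hdr["content_type"] in TLS_CONTENT_TYPES
        and hdr["version"] >> 8 == 3          # 0x0301..0x0304 on the wire
        and hdr["length"] <= MAX_TLS_RECORD_LEN
    )
    if looks_like_tls:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"


# Constructed samples (not captured from a firewall or from facebook.com).
# Only the leading "HTTP/" of the first sample matters for the header decode.
SAMPLE_HTTP_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...</html>"
SAMPLE_TLS_RECORD = bytes([0x16, 0x03, 0x03, 0x00, 0x5A]) + bytes(0x5A)

if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP_REPLY), ("tls", SAMPLE_TLS_RECORD)):
        hdr = parse_record_header(sample)
        print(name, classify_first_bytes(sample), hdr,
              "too long" if hdr["length"] > MAX_TLS_RECORD_LEN else "ok")
```

Running the classifier on the first bytes of a packet capture taken on port 443 tells you whether the peer, or a device in the path, answered in plaintext.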
Either of the two solutions offered can overcome this issue:
# set deviceconfig setting ssl-decrypt url-proxy yes