[squid-users] SSL_ERROR_RX_RECORD_TOO_LONG

Alex Rousskov rousskov at measurement-factory.com
Tue Apr 30 14:36:26 UTC 2019


On 4/30/19 8:04 AM, Giacomo Trovato wrote:

> I've pfSense with Squid + SquidGuard (Splice All - no CA certificate).
> It worked well until one month ago, now sometimes appears the error
> message SSL_ERROR_RX_RECORD_TOO_LONG (see attachment).
> It appears randomly on all PC / smartphone on different HTTPS sites.
> The devices connected directly (no proxy) work properly.
> Any hint?


What is your current Squid version?

The browser claims that your Squid sent it a very long (most likely
malformed) TLS record. If this does not happen without Squid, then this
is likely a Squid bug. I see references to similar problems in old
(Squid v3) web posts.

* If you can reproduce with Squid v4 or later, the best next step is to
share a packet capture of the offending transaction along with the
cache.log after setting debug_options to ALL,9. Please compress large
files before sharing.

* If you cannot reproduce with Squid v4 or later, then the best next
step is to upgrade your Squid.


HTH,

Alex.


More information about the squid-users mailing list