PFSense - Troubleshooting - SSL_ERROR_RX_RECORD_TOO_LONG

Getting the error SSL_ERROR_RX_RECORD_TOO_LONG when attempting to access multiple different sites, sometimes goes away with refresh but sometimes persists.

Usually when using Squid option of Splice All for SSL/MITM Mode.

Can't connect to 192.168.1.1:443 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 50.

Check:

openssl s_client -connect 192.168.1.1:443

returns:

...
Verify return code: 21 (unable to verify the first certificate)
...

The SSL_ERROR_RX_RECORD_TOO_LONG message from Firefox typically comes as a result of a mis-configuration on the server side.

The two most predominant causes of the SSL_ERROR_RX_RECORD_TOO_LONG message from the server side:

• The listening port mis-configured – If you want your website to establish secure connections you must configure it to use Port 443.
• The system does not support an adequate TLS version – This problem arose ten years ago with the advent of TLS 1.2 and is appearing again with TLS 1.3.

• Services → SquidGuard Proxy Filter → Common ACL → ALL to allow

• May need to refresh the browser cache:
  • CTRL F5
  • CTRL+SHIFT+r
  • SHIFT+reload button

• Might need to turn off support for the newest and most secure connection protocol, TLS 1.3.
  • In Firefox
    • Type about:config in the address bar and press Enter/Return.
    • In the search box above the list, type TLS.
    • Double-click the security.tls.version.max preference to display a dialog where you can edit the value from 4 to 3 (or in other words, from TLS 1.3 to TLS 1.2).
    • Then click OK.