2

I have written my own webserver in C#.

I have always established SSL certificates for my sites on a new IP on port 443, and it has always worked fine.

But this time I get this error:

Secure Connection Failed

An error occurred during a connection to www.sayehrooshan-co.com. SSL received a record that exceeded the maximum permissible length. Error code:

SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

This is the page address:

https://www.sayehrooshan-co.com

This is my code, which always worked with a .pfx file for other sites:

```
sslstream = new SslStream(new NetworkStream(mySocket, false), false);
//commented for nedaye arzhang
X509Certificate2 serverCertificate = new X509Certificate2(Path, Password);
//X509Certificate2 serverCertificate = new X509Certificate2("www_nedaye-arzhang_com.cer");
sslstream.AuthenticateAsServer(serverCertificate, false, System.Security.Authentication.SslProtocols.Tls, true);
```

I searched a lot but didn't find any solution. Does anyone have any idea?

0

3 Answers

6

The server is broken. Trying with openssl s_client shows that the TLS handshake is done successfully and the certificate is fine, but that it breaks later in the communication:

```
$ openssl s_client -connect www.sayehrooshan-co.com:443 -servername www.sayehrooshan-co.com -crlf
CONNECTED(00000003)
...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
...
    Verify return code: 0 (ok)
---
GET / HTTP/1.1
Host: www.sayehrooshan-co.com

140040623380160:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
```

Doing a packet capture during the experiment one can see that the server sends plain text on the TLS connection:

```
> various TLS encrypted stuff from client (likely HTTP request)
....
< followed by sudden plain text from the server:
Cannot find table 0.
   at System.Data.DataTableCollection.get_Item(Int32 index)
   at MyWebServerNamespace.MyWebServer.SetTableRowValue(DataSet& ds, String type, String name, String value) in D:\iteration source - table 13 removed\MyWebServer\MyWebServer.cs:line 4024
   at MyWebServerNamespace.MyWebServer.LoadCmsValues(Content cms, Ssl sslClass, DataSet& Ds, DataTable& fileDt, Socket& mySocket, Byte[]& contentBytes, Boolean& showCmsError) in D:\iteration source - table 13 removed\MyWebServer\MyWebServer.cs:line 1761
   at MyWebServerNamespace.MyWebServer.HandleTcpRequest(Object state) in D:\iteration source - table 13 removed\MyWebServer\MyWebServer.cs:line 1027
LoadCmsValues enter
```

The client will try to interpret this plain text message as a TLS record. This means it will parse the initial bytes and extract the TLS protocol version and payload length. Given that this is no TLS record at all, these values will be garbage. Depending on the actual implementation of the TLS stack in the client, this will then result in error messages like "wrong version number" (the claimed TLS protocol version is not supported) or "SSL_ERROR_RX_RECORD_TOO_LONG" (the length of the payload as specified is not the actual length of the payload) or the more general "ERR_SSL_PROTOCOL_ERROR" or similar.


1 Comment

Thank you so much. Analyzing my code and showing those lines made my eyes shine that something was wrong in my code. I started remote debugging and found the error. Saved me lots of time ;)
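
The misparse described in the answer above, as an added example that is not part of the original answer or its comments: it decodes the first five bytes of the leaked text from the capture as a TLS record header, using the record layout and length limit from RFC 5246. The function names and the `VALID` sample are constructed for this illustration.

```python
import struct

# TLS record layer constants (RFC 5246, section 6.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
KNOWN_VERSIONS = {(3, 0), (3, 1), (3, 2), (3, 3)}  # SSL 3.0 .. TLS 1.2
MAX_RECORD_LEN = 2**14 + 2048  # largest allowed TLSCiphertext.length


def parse_record_header(data: bytes) -> dict:
    """Decode the 5-byte record header: type, version (major, minor), length."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(data: bytes) -> list:
    """Return the checks a client's record layer would fail on these bytes."""
    hdr = parse_record_header(data)
    problems = []
    if hdr["type"] not in CONTENT_TYPES:
        problems.append("unknown content type")
    if hdr["version"] not in KNOWN_VERSIONS:
        problems.append("wrong version number")
    if hdr["length"] > MAX_RECORD_LEN:
        problems.append("record too long")
    # Printable ASCII where a header should be points at text written
    # to the socket without going through the TLS layer.
    if problems and all(32 <= b < 127 for b in data[:5]):
        problems.append("looks like plain text")
    return problems


# First bytes of the server's plain-text output shown in the capture above.
LEAKED = b"Cannot find table 0."
# Constructed sample: header of a well-formed TLS 1.0 application_data record.
VALID = bytes([23, 3, 1, 0, 32]) + bytes(32)

if __name__ == "__main__":
    for name, sample in (("leaked", LEAKED), ("valid", VALID)):
        print(name, parse_record_header(sample), diagnose(sample))
```

The bytes `Canno` decode to content type 67, version 97.110 and a claimed length of 28271, so the same input fails both the version check and the length check; which one a client reports first depends on the order in which its TLS stack validates the header.
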
1

It is not just C#, Firefox shows the same error message.

"Error code: ssl_error_rx_record_too_long. This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate."

Source

Another page discussing this issue

[Screenshots of the error page in Firefox, Chrome and IE]

5 Comments

Doesn't look like an answer to me.
Go to the page with a browser and check it. It seems like a wrong SSL certificate.
@UweKeim I have edited my answer, added Firefox, Chrome and IE screenshots that show the page cannot be loaded because of a server side SSL error. The question states the code was working fine. Probably there was an SSL certificate update on the server recently and this has nothing to do with C#, should be fixed on the server side of the website.
@Crick3t I've checked the certificate with this link: sslshopper.com/ssl-checker.html#hostname=https://… Is there any problem anyone could understand?
@Hamed_gibago You could try this website, it shows more details: link
0

Grasshopper has same problem possibly because of two routers and dns bind being installed on one ip address and ssl mod the other. The fact that Apache2 status is up and running like a charm tells me that it’s an install/ops error. Tomorrow is another day.
