Wordpress http only


#1

Wordpress only works on http. No redirects to https. Adding https to url means Error code: SSL_ERROR_RX_RECORD_TOO_LONG.
Have had it running flawlessly for months until 503’s blocked access to website. Hosting ruined my website. I got it running now, but can’t get Cloudflare to run correctly.


#2

What’s the domain?

Can you also make sure that on the Crypto settings page on your Cloudflare Dashboard that you have SSL set to Flexible or Full? And there should be some Status indication of an Active certificate in that settings box.


#3

cargovanconversion.com
Flexible and Universal SSL Status Active Certificate
It all worked fine for months until the hosting company messed up my plugins.
Van Williams


#4

The site is fine. It could just be a DNS or browser cache issue at your end.
https://documentation.cpanel.net/display/CKB/How+To+Clear+Your+DNS+Cache


#5

What web browser are you testing with? It could be TLS 1.3 related: https://support.mozilla.org/en-US/questions/1222739

Certificate warnings

Firefox uses certificates on secure websites to ensure that your information is being sent to the intended recipient and can’t be read by eavesdroppers. For a list of certificate warnings and error codes, see the article What does “Your connection is not secure” mean?.

Are you using any antivirus products from Avast, AVG or ESET? They may be configured to man-in-the-middle (MITM) your connection between the computer and your sites: https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_avast-and-avg-security-products

If you use a security product by Avast or AVG, it may be intercepting secure connections by default. Avast and AVG products may not be ready for the most recent and secure TLS 1.3 specification used in the latest versions of Firefox. As a result, Firefox users may see intermittent Secure Connection Failed error pages with the error code SSL_ERROR_RX_RECORD_TOO_LONG on secure websites such as Google and others.

ESET and NOD32 security products

If you use an ESET security product such as NOD32 Antivirus or ESET Internet Security, turning off one of the following settings and then turning it back on may help eliminate the error.

  • Enable application protocol content filtering
  • Enable SSL/TLS protocol filtering

Cloudflare with TLS 1.3 support enabled safeguards against MITM configurations as such. Or it could be differing TLS 1.3 version support in different clients https://bugzilla.mozilla.org/show_bug.cgi?id=1468892 ?

Thanks! The main difference I see between 60 and 62 is negotiating different TLS 1.3 draft versions. We might be able to tell more if you capture the traces again with the environment variable SSLKEYLOGFILE set to some temporary path (note: you probably want to do that with a new profile or in private browsing mode so you don’t leak any cookies (and also don’t log in to anything when you do)).

Hello,

We have released a new version of Web Shield (aswStreamFilter.dll) yesterday (July 24, 2018).
This version contains all the fixes and once again enables HTTPS scanning in Firefox (for people that have got the fixed version only).

AV version 18.5.3931
aswStreamFilter.dll version: 18.5.3931.434

Filip
Avast Team

When specifically did the issue start? The TLS 1.3 RFC final version was recently finalised and started showing up in web server and crypto library support, i.e. nginx 1.15.3+, openssl 1.1.1 and boringssl. But a lot of web browsers/clients are still stuck on TLS 1.3 draft 23 or 28 support.


#6

Looks like the HTTPS version of your site supports TLS 1.3 draft 23, 28 and final on the Cloudflare edge, according to a testssl test:

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): draft 28, draft 23, final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)

#7

Strange. From my browser I still can only connect thru HTTP, but if I use a VPN it’s HTTPS. My Linux system doesn’t cache DNS.
Van Williams


#8

To troubleshoot, try turning off TLS 1.3 in the Cloudflare console for your site and see what happens. It could be that your browser and/or system isn’t ready to talk TLS 1.3 with Cloudflare.


#9

I test out on Firefox, Chrome, Opera and PaleMoon (Firefox) on a Linux Mint system.
It started this weekend, when I started getting 503’s. Before the hosting company found out that their hosting system was at fault, they had inactivated my plugins and who knows what more. I got everything together again, exact same installation and plugins, but it just doesn’t work right.
Van Williams
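
An added example, not part of any post in this thread: SSL_ERROR_RX_RECORD_TOO_LONG is raised when the bytes a client reads as a TLS record header carry a length above the protocol maximum, which is what happens when something on the path (a filtering proxy, a plaintext listener on port 443) answers with non-TLS data. The Python sketch below goes slightly beyond the thread by parsing that 5-byte header for several constructed replies; the function and sample names are hypothetical and the sample bytes are not captures from the site discussed here.

```python
import struct

# RFC 5246 6.2.3: a TLSCiphertext length above 2^14 + 2048 is a protocol error.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes of a reply the way a TLS client reads a record header."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    # Header layout: content type (1 byte), version (2 bytes), length (2 bytes).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {"content_type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
            "version": (major, minor),
            "length": length,
            "too_long": length > MAX_RECORD_LEN}
    if ctype in CONTENT_TYPES and major == 3 and not info["too_long"]:
        info["verdict"] = "tls_record"
    elif data[:5] == b"HTTP/":
        # ASCII "P/" is read as the length field 0x502F, far above the maximum.
        info["verdict"] = "plaintext_http"
    else:
        info["verdict"] = "not_tls"
    return info

# Constructed sample replies (assumptions for illustration only).
SAMPLES = {
    "tls_server_hello": bytes.fromhex("160303005a") + b"\x02" * 90,
    "tls_fatal_alert": bytes.fromhex("15030300020228"),
    "http_on_443": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "html_error_page": b"<html><body>blocked</body></html>",
}

def report(samples=SAMPLES) -> dict:
    """Classify every sample and return the results keyed by sample name."""
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, info in report().items():
        print(name, info)
```

Comparing the first bytes seen on the failing network path with those seen over the VPN path shows whether the reply is TLS at all or whether something in between is answering in plaintext.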