NSA325 v.2 - SSL_ERROR_RX_RECORD_TOO_LONG while accessing via web

All,
I can't access my NSA from the web because I get the following error message:

<div>Secure Connection Failed<br>An error occurred during a connection to rosclohome.ddns.net:8047. SSL received a record that exceeded the maximum permissible length.<br>Error code: SSL_ERROR_RX_RECORD_TOO_LONG<br></div><div></div>

The NAS has the Force HTTPs option enabled.

Any idea?

All Replies

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Accessing via the web? You mean from outside? Does that error not popup when you access the NAS from inside?
  • I mean by outside. I can access from intranet.
  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    When you can access it from intranet, nothing is wrong in the NAS itself.
    I think you did something wrong with port forwards. I *think* you forwarded port 8047 to port 80 of your NAS:

    ~$ telnet rosclohome.ddns.net 8047
    Trying 2.226.223.82...
    Connected to rosclohome.ddns.net (2.226.223.82).
    Escape character is '^]'.
    GET /
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>301 Moved Permanently</title>
    </head><body>
    <h1>Moved Permanently</h1>
    <p>The document has moved <a href="https:///r51009,/playzone,/">here</a>.</p>
    </body></html>
    Connection closed by foreign host.

    This is not http, no headers, but some plain html, which contains a redirect command to connect using https. To my surprise my browser follows the redirection, and it's next step is 'https://rosclohome.ddns.net:8047/r51009,/playzone,/', whichaccording to Wireshark, still gives the same plain html, which the TLS layer cannot decode, resulting in this funny error message.

    You should forward port 8047 (or any other port) to port 443, the https port. In that case the 'force https' doesn't matter, as the NAS isn't reachable on http (port 80) anyway.

    But the lack of headers concerns me. It's does not seem a valid http server, although my browser could do a correct-ish followup. It there some proxy in between?


Consumer Product Help Center