Azure Static Hosting: Error code: SSL_ERROR_RX_RECORD_TOO_LONG

LAUWER 40 Reputation points
2024-03-18T04:06:18.7966667+00:00

Hosting a simple create-react-app on Azure Static Web App (free plan).

Using default auto-generated name and certificates (no custom domain, no custom certificates, all generated by Azure).

App works for a few minutes then immediately gets SSL error (browser refuses to go to site)

Secure Connection Failed

An error occurred during a connection to my-generated-name-someguid.5.azurestaticapps.net. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem.

I have another similar app that I deployed some days ago (and redeployed countless times) which always works.

Any ideas?

Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
927 questions
{count} votes

Accepted answer
  1. TP 94,311 Reputation points
    2024-03-21T23:20:43.9066667+00:00

    @LAUWER I like your idea in regards to using custom domain, however, I'm concerned that M365 anti-spam engine will see that it resolves to the *.5 and quarantine it anyway. I've not tested it, so maybe it will work fine.

    In terms of a solution, I was thinking you could open an Azure support request under Static Web Apps (SWA) service and put pressure on them to investigate internally with M365 team. Similarly, you could open support request on M365 side as well, inquiring why a new Static Web App is being quarantined when it has no prior history of being a phishing site (or even existing for that matter).

    Making progress with the support case(s) will likely take some patience as I would guess at the lower levels they will potentially want to shift blame and say their service is operating fine so there is nothing they can do. This is where polite pushback will hopefully get them to escalate further.

    One question for them is, Are they okay with a large swath of SWA FQDNs being "blacklisted" by default, by their own malware detection mechanism?

    On separate note is what is happening with your local ISP firewall/modem/router device. I don't know what is going on with that, if it is looking to some sort of shared blacklist database, or what? And if it is, why is it causing strange error instead of simply blocking the connection to the site altogether? I think this might require taking in-depth look at the specific hardware device and its configuration options, and local packet capture and analysis.

    Maybe updating the ISP firewall/modem to latest firmware will magically "fix" the SSL_ERROR_RX_RECORD_TOO_LONG error. Worth a try.

    If the above is an acceptable "Answer" to you I will convert it to answer so you can accept it, otherwise if it isn't acceptable (I understand if that is how you feel) I will leave it as a comment. Maybe someone else can chime in here and give new/better insight.

    Thanks for reading this far.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.