Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

False https-requests?

more options

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://hostname.local.domain:55414.

I can no longer browse to this address, Firefox responds with

Secure connection failed and the error code SSL_ERROR_RX_RECORD_TOO_LONG

Looking at the GET request, the scheme is set to https and there is only one request, no redirect.

I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain.

I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://myhostname is fine, but accessing http://myhostname.local.domain again causes FF to switch to an https-request.

What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile...

Using Bitdefender for AV/FW, disabling it makes no change.

Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http.

Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!?

Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious?

Best regards Alexander

EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.

Hello, Not sure exactly where the problem lies with this one. We have a local UrBackup server running, exposing its http-only web interface on http://''hostname.local.domain'':55414. I can no longer browse to this address, Firefox responds with ''Secure connection failed'' and the error code ''SSL_ERROR_RX_RECORD_TOO_LONG'' Looking at the GET request, the scheme is set to https and there is only one request, no redirect. I can however access the site fine by IP, http://192.168.x.x:55414, AND, by using hostname only, http://hostname:55414, letting Windows fill in our DNS suffix as the network is in an Active Directory domain. I also have a local Apache server running on my machine, only listening on http on standard port 80. Accessing http://localhost is fine, accessing http://''myhostname'' is fine, but accessing http://''myhostname.local.domain'' again causes FF to switch to an https-request. What makes me confused is that this behaviour is consistent across browsers, Edge, Chrome, Android on my mobile... Using Bitdefender for AV/FW, disabling it makes no change. Tried downloading an older version of Firefox (89) and it does NOT show the same behaviour, URLs load as plain http. Finally, I tried to add test.subdomain.com as a zone in our DNS and add an A record for the IP of the UrBackup-server, and voila, Firefox requests that site as http without complaining!? Has the global browser market collectively decided that non TLD:s can no longer be accessed using http, or am I overlooking something obvious? Best regards Alexander ''EDIT: I originally included "false HSTS-requests" in the subject, before realizing that this came from FF redirecting to 443 on my local machine, which has a docker instance listening on that port but using a cert for our public domain, not our local one.''

Modified by alexander76

Chosen solution

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

Read this answer in context 👍 1

All Replies (2)

more options

Chosen Solution

It is possible (likely) that this domain is on the HSTS preload list and thus a secure connection is forced as this happens with other browsers as well.

more options

You are right. The TLD we are using is a fairly common one to use internally, and previously used as a recommended default by a certain big software company. It's now listed on the HSTS preload, along with ALL SUBDOMAINS. Bastards :)

I've googled around and the "best" I could find for Firefox is the setting network.stricttransportsecurity.preloadlist to false. It would be handy to be able to add local exceptions for the preload list instead of disabling it entirely.

Time to change our domain, *sigh*.

Anyway, thanks! Alexander