That's actually one of the kinds of issues expected if the port information was wrong; i.e. if you specified "https://" as the protocol, but then left the port value as "80". Trying to force the browser to speak TLS/SSL to a non-encrypted HTTP port will easily result in SSL_ERROR_RX_RECORD_TOO_LONG, when TLS tries to negotiate with a server that isn't making any attempt to negotiate.J_M wrote: ↑Mon Jun 24, 2019 8:09 pmSomething else just popped up. I had been successful logging into phpbb via FF w/ cookies turned off. But now I'm getting :Error code: SSL_ERROR_RX_RECORD_TOO_LONG after adding my username/password. But if I clear out the port number "80:" from the URL I can access the forum and I've been logged in?
If I go back to the earlier discussion and remove the "Force server URL settings" the problem goes away. Is this unrelated to the 403/cookies errors?
If you haven't bee using "Force server URL settings" before this week in order to overcome some server limitation, you don't actually want this setting enabled, and should leave it set to "No". Which allows phpBB to default rather than "forcing" a specific setting is best, so long as phpBB is able to detect correct defaults from the server it's running on.
In the future if you're ever required to set "Force server URL settings" to "Yes", you'll need to also ensure all of the fields are either blank (in order to continue defaulting) or are set to correct values (such as port 443 if you're using HTTPS, instead of 80).
Leaving "Cookie secure" enabled is best. Your site is going to force people to use HTTPS anyway, so instructing the browser to only submit the cookie over HTTPS connections is appropriate. Having it enabled prevents using the cookies during whatever brief HTTP-only connection might be made before the browser is being redirected to make an HTTPS connection by the .htaccess rewrite rule.