TL;DR
If every Real-Debrid call suddenly bombs with\ TLS connect error: packet length too long (or invalid SSL record) and you’re on a Turkish ISP, the state DPI filter is intercepting api.real-debrid.com ( 94.140.0.0/16 ).
Point your client at https://app.real-debrid.com instead—or route that /16 through a VPN—and everything works again.
What Happened? Early 2025: Turkey’s national content-filtering infrastructure quietly added the entire 94.140.0.0/16 range (Real-Debrid’s API/download servers) to its block list. The filter works even on port 443. When your client starts a TLS handshake, the DPI box injects a plain-text HTTP page (“Access denied”) instead of letting the SSL packets through. OpenSSL/mbedTLS instantly bails out, surfacing cryptic errors like packet length too long or invalid SSL record. The public front-end real-debrid.com lives on Cloudflare (different IPs) and still loads fine, so Real-Debrid’s own /vpn checker says “Your IP isn’t blocked,” adding to the confusion. How We Diagnosed It Test Result Interpretation curl -I https://api.real-debrid.com/rest/1.0/user TLS connect error… Remote side sent non-TLS bytes. curl -I https://app.real-debrid.com/rest/1.0/user HTTP/1.1 200 OK Alternate host works; block is IP-based. Packet capture (tcpdump -A host 94.140.4.10) Immediately shows HTTP/1.1 403 in plain text Proof the block page is injected before TLS finishes. Mobile data (no Wi-Fi) API accessible Confirms the fixed-line IP range is affected, not user accounts. 2 Ways to Solve It 1 — Switch Hostnames (fastest) Real-Debrid mirrors every API endpoint on app.real-debrid.com. Change your client’s base URL or hijack DNS (/etc/hosts, Pi-hole, OpenWrt dnsmasq). Takes under two minutes, survives router reboots, and needs no VPN.
...