Posted to users@httpd.apache.org by Robert Moskowitz <rg...@htt-consult.com> on 2017/04/04 21:09:52 UTC

[users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

New 2.4 server on CentOS; first attempt to connect via TLS and get:

An error occurred during a connection to webmail.test.htt-consult.com. 
SSL received a record that exceeded the maximum permissible length. 
Error code: SSL_ERROR_RX_RECORD_TOO_LONG

my conf file has:

          SSLEngine On
          SSLCertificateFile /etc/pki/tls/certs/webmail.test.htt-consult.com.crt
          SSLCertificateKeyFile /etc/pki/tls/private/webmail.test.htt-consult.com.key

4 -rw-------. 1 root root 1395 Mar 22 11:14 webmail.test.htt-consult.com.crt

and

4 -rw-r-----. 1 root root 1704 Mar 22 11:14 webmail.test.htt-consult.com.key

thanks


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

Posted by Robert Moskowitz <rg...@htt-consult.com>.

On 04/04/2017 05:37 PM, Eric Covener wrote:
> On Tue, Apr 4, 2017 at 5:34 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
>> Now what do I do????
> Every vhost with *:443 should have SSLEngine ON.
>
>
I am seeing that.  I have to relook at how roundcubemail NORMALLY 
configures its helper urls and adjust that to my new setup.  I am 
beginning to see where I have to go with this.  Once you start down a 
divergent path for the default setup, you have to carry it through...

Fun.  Not.





Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 4, 2017 at 5:34 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
> Now what do I do????

Every vhost with *:443 should have SSLEngine ON.


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

Posted by Robert Moskowitz <rg...@htt-consult.com>.

On 04/04/2017 05:17 PM, Eric Covener wrote:
> On Tue, Apr 4, 2017 at 5:09 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
>> An error occurred during a connection to webmail.test.htt-consult.com. SSL
>> received a record that exceeded the maximum permissible length. Error code:
>> SSL_ERROR_RX_RECORD_TOO_LONG
> It usually means you're talking SSL to a non-SSL port.  Check out your
> vhosts  (apachectl -S), and listen directives, and the context of
> SSLEngine.
>
httpd -S reports:

VirtualHost configuration:
*:80                   is a NameVirtualHost
          default server z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:3)
          port 80 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:3)
          port 80 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:1)
                  alias webmail
*:443                  is a NameVirtualHost
          default server z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:10)
          port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/00-init.conf:10)
          port 443 namevhost webmail.test.htt-consult.com (/etc/httpd/conf.d/roundcubemail.conf:16)
                  alias webmail
          port 443 namevhost z9m9z.test.htt-consult.com (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

roundcubemail.conf has:

<VirtualHost *:80>

#          Alias /roundcubemail /usr/share/roundcubemail
#          Alias /webmail /usr/share/roundcubemail

          ServerName webmail.test.htt-consult.com
          ServerAlias webmail

          Redirect permanent / https://webmail.test.htt-consult.com/
          ExpiresDefault "access plus 1 years"
          php_admin_flag session.cookie_secure "1"

</VirtualHost>


<VirtualHost *:443>

# Round Cube Webmail is a browser-based multilingual IMAP client
#

#          Alias /roundcubemail /usr/share/roundcubemail
#          Alias /webmail /usr/share/roundcubemail

          ServerName webmail.test.htt-consult.com
          ServerAlias webmail

          SSLEngine On
          SSLCertificateFile /etc/pki/tls/certs/webmail.test.htt-consult.com.crt
          SSLCertificateKeyFile /etc/pki/tls/private/webmail.test.htt-consult.com.key

          DocumentRoot /usr/share/roundcubemail

<Directory /usr/share/roundcubemail/>
          Require ip 192.168.0.0/16
# You can enlarge permissions once configured
#          Require all granted
          php_admin_flag session.cookie_secure "1"
</Directory>

</VirtualHost>

# Define who can access the installer
# keep this secured once configured

<Directory /usr/share/roundcubemail/installer/>
# You may want to restrict the installer to a single IP address
          Require ip 192.168.0.0/16
</Directory>


The URL I put into Firefox was:

http://webmail.test.htt-consult.com/installer/

Which got rewritten to:

https://webmail.test.htt-consult.com/installer/

Which is not in a virtual host....

Now what do I do????

Sigh.





Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG

Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 4, 2017 at 5:09 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
> An error occurred during a connection to webmail.test.htt-consult.com. SSL
> received a record that exceeded the maximum permissible length. Error code:
> SSL_ERROR_RX_RECORD_TOO_LONG

It usually means you're talking SSL to a non-SSL port.  Check out your
vhosts  (apachectl -S), and listen directives, and the context of
SSLEngine.

-- 
Eric Covener
covener@gmail.com
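
Added example, not part of the original thread or of Apache httpd: a small Python check for the advice given in the replies (look at the context of SSLEngine; every vhost on *:443 should have SSLEngine on). The function name vhosts_without_ssl and the example.test hostnames are assumptions made for illustration, and the sample configuration is constructed.

```python
import re

# Constructed sample (not the poster's real files): two *:443 vhosts,
# one of which never turns mod_ssl on.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName www.example.test
</VirtualHost>

<VirtualHost *:443>
    ServerName default.example.test
    DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost *:443>
    ServerName webmail.example.test
    SSLEngine On
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
DIRECTIVE = re.compile(r"^\s*(ServerName|SSLEngine)\s+(\S+)", re.I)

def vhosts_without_ssl(conf_text, port="443"):
    """Return (line_no, server_name) for each vhost on `port` lacking 'SSLEngine on'."""
    findings, current = [], None
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives do not count
        m = OPEN.match(line)
        if m:
            on_port = any(a.rsplit(":", 1)[-1] == port for a in m.group(1).split())
            current = {"line": line_no, "name": None, "ssl": False} if on_port else None
        elif CLOSE.match(line):
            if current and not current["ssl"]:
                findings.append((current["line"], current["name"]))
            current = None
        elif current:
            d = DIRECTIVE.match(line)
            if d and d.group(1).lower() == "servername":
                current["name"] = d.group(2)
            elif d and d.group(1).lower() == "sslengine":
                current["ssl"] = d.group(2).lower() == "on"
    return findings

if __name__ == "__main__":
    for line_no, name in vhosts_without_ssl(SAMPLE_CONF):
        print(f"line {line_no}: vhost {name} is on port 443 without SSLEngine on")
```

Run it over the text of each file that `httpd -S` lists under *:443. It does not follow Include directives or account for SSLEngine set at server level outside a VirtualHost block.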
