You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Robert Moskowitz <rg...@htt-consult.com> on 2017/04/04 21:09:52 UTC
[users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG
New 2.4 server on Centos; first attempt to connect via TLS and get:
An error occurred during a connection to webmail.test.htt-consult.com.
SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
my conf file has:
SSLEngine On
SSLCertificateFile
/etc/pki/tls/certs/webmail.test.htt-consult.com.crt
SSLCertificateKeyFile
/etc/pki/tls/private/webmail.test.htt-consult.com.key
4 -rw-------. 1 root root 1395 Mar 22 11:14 webmail.test.htt-consult.com.crt
and
4 -rw-r-----. 1 root root 1704 Mar 22 11:14 webmail.test.htt-consult.com.key
thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG
Posted by Robert Moskowitz <rg...@htt-consult.com>.
On 04/04/2017 05:37 PM, Eric Covener wrote:
> On Tue, Apr 4, 2017 at 5:34 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
>> Now what do I do????
> Every vhost with *:443 should have SSLEngine ON.
>
>
I am seeing that. I have to relook at how roundcubemail NORMALLY
configures its helper urls and adjust that to my new setup. I am
beginning to see where I have to go with this. Once you start down a
divergent path for the default setup, you have to carry it through...
Fun. Not.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG
Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 4, 2017 at 5:34 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
> Now what do I do????
Every vhost with *:443 should have SSLEngine ON.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG
Posted by Robert Moskowitz <rg...@htt-consult.com>.
On 04/04/2017 05:17 PM, Eric Covener wrote:
> On Tue, Apr 4, 2017 at 5:09 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
>> An error occurred during a connection to webmail.test.htt-consult.com. SSL
>> received a record that exceeded the maximum permissible length. Error code:
>> SSL_ERROR_RX_RECORD_TOO_LONG
> It usually means you're talking SSL to a non-SSL port. Check out your
> vhosts (apachectl -S), and listen directives, and the context of
> SSLEngine.
>
httpd -S reports:
VirtualHost configuration:
*:80 is a NameVirtualHost
default server z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:3)
port 80 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:3)
port 80 namevhost webmail.test.htt-consult.com
(/etc/httpd/conf.d/roundcubemail.conf:1)
alias webmail
*:443 is a NameVirtualHost
default server z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:10)
port 443 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/00-init.conf:10)
port 443 namevhost webmail.test.htt-consult.com
(/etc/httpd/conf.d/roundcubemail.conf:16)
alias webmail
port 443 namevhost z9m9z.test.htt-consult.com
(/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
roundcubemail.conf has:
<VirtualHost *:80>
# Alias /roundcubemail /usr/share/roundcubemail
# Alias /webmail /usr/share/roundcubemail
ServerName webmail.test.htt-consult.com
ServerAlias webmail
Redirect permanent / https://webmail.test.htt-consult.com/
ExpiresDefault "access plus 1 years"
php_admin_flag session.cookie_secure "1"
</VirtualHost>
<VirtualHost *:443>
# Round Cube Webmail is a browser-based multilingual IMAP client
#
# Alias /roundcubemail /usr/share/roundcubemail
# Alias /webmail /usr/share/roundcubemail
ServerName webmail.test.htt-consult.com
ServerAlias webmail
SSLEngine On
SSLCertificateFile
/etc/pki/tls/certs/webmail.test.htt-consult.com.crt
SSLCertificateKeyFile
/etc/pki/tls/private/webmail.test.htt-consult.com.key
DocumentRoot /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
Require ip 192.168.0.0/16
# You can enlarge permissions once configured
# Require all granted
php_admin_flag session.cookie_secure "1"
</Directory>
</VirtualHost>
# Define who can access the installer
# keep this secured once configured
<Directory /usr/share/roundcubemail/installer/>
# You may want to restrict the installer to a single IP address
Require ip 192.168.0.0/16
</Directory>
The URL I put into firefox was:
http://webmail.test.htt-consult.com/installer/
Which got rewritten to:
https://webmail.test.htt-consult.com/installer/
Which is not in a virtual host....
Now what do I do????
Sigh.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL_ERROR_RX_RECORD_TOO_LONG
Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 4, 2017 at 5:09 PM, Robert Moskowitz <rg...@htt-consult.com> wrote:
> An error occurred during a connection to webmail.test.htt-consult.com. SSL
> received a record that exceeded the maximum permissible length. Error code:
> SSL_ERROR_RX_RECORD_TOO_LONG
It usually means you're talking SSL to a non-SSL port. Check out your
vhosts (apachectl -S), and listen directives, and the context of
SSLEngine.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org