Posted to users@tomcat.apache.org by Lengyel Tamás <le...@quattrosoft.hu> on 2011/04/01 18:46:36 UTC

tomcat with apr and openssl gives ssl_error_rx_record_too_long

Hi all,

We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java keystore).

We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) installed.

tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR based Apache Tomcat Native library 1.1.20" message in catalina.out, no error messages).

We used the free "portecle" application to export private key and certificate from the java keystore.

Relevant server.xml parts are:

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

    <Connector
      protocol="org.apache.coyote.http11.Http11AprProtocol"
      URIEncoding="UTF-8"
      acceptCount="100"
      algorithm="${jazz.connector.algorithm}"
      clientAuth="false"
      connectionTimeout="20000"
      disableUploadTimeout="true"
      enableLookups="false"
      SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
      SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
      SSLPassword=""
      maxHttpHeaderSize="8192"
      maxSpareThreads="75"
      maxThreads="150"
      minSpareThreads="25"
      port="9443"
      scheme="https"
      secure="true"
      SSLEnabled="true
      SSLProtocol="${jazz.connector.sslProtocol}"/>

We tried to omit and change ${jazz.connector.*} parameters without effect so we think it's not relevant.

(Rational Team Concert is running on this server, hopefully unrelevant.) After all, when connecting to the server we've got the mentioned error:

"An error occurred during a connection to https://some-machine:9443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)"

No error messages in log.

Any instructions, comments, hints appreciated.

Best regards,

Lengyel Tamas

Quattrosoft Kft.

e-mail: lengyel@quattrosoft.hu


RE: tomcat with apr and openssl gives ssl_error_rx_record_too_long

Posted by Lengyel Tamás <le...@quattrosoft.hu>.
Hi!

It was the SSLEngine="on" in the connector. I missed it in the doc somehow and only set in the Listener.
It's working now.
Thanks Konstantin!

Best regards,

Tamas Lengyel
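
One way to catch the misconfiguration resolved in this thread before deployment, as an added example that is not from the thread or the Tomcat project: it flags `Http11AprProtocol` connectors that declare `scheme="https"` or `secure="true"` without `SSLEngine="on"` on the `<Connector>` itself, following the Tomcat 5.5 behaviour described in the reply. The server.xml fragment is constructed (port 9444 and the shortened paths are placeholders) and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

# Constructed, well-formed server.xml fragment modelled on the thread.
# Port 9444 and the /path/to/... values are placeholders, not from the thread.
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="9443"
               scheme="https" secure="true"
               SSLCertificateFile="/path/to/rtc.cer"
               SSLCertificateKeyFile="/path/to/rtcpk.pem" />
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="9444"
               scheme="https" secure="true" SSLEngine="on"
               SSLCertificateFile="/path/to/rtc.cer"
               SSLCertificateKeyFile="/path/to/rtcpk.pem" />
  </Service>
</Server>"""


def find_plaintext_https_connectors(server_xml: str) -> list:
    """Return ports of APR connectors that claim https but leave SSLEngine off."""
    root = ET.fromstring(server_xml)  # raises ParseError on malformed XML
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("protocol") != APR_PROTOCOL:
            continue
        claims_tls = conn.get("scheme") == "https" or conn.get("secure") == "true"
        # Per the thread: SSLEngine on the Connector defaults to "off", and the
        # Listener's SSLEngine="on" does not switch it on for the socket.
        engine_on = conn.get("SSLEngine", "off").lower() == "on"
        if claims_tls and not engine_on:
            findings.append(conn.get("port"))
    return findings


if __name__ == "__main__":
    for port in find_plaintext_https_connectors(SAMPLE):
        print(f"port {port}: advertised as https but SSLEngine is not on")
```

The parser rejects malformed input such as an attribute value with a missing closing quote, so a parse error is itself a finding to fix first.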

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long

Posted by Konstantin Kolinko <kn...@gmail.com>.
2011/4/1 Lengyel Tamás <le...@quattrosoft.hu>:
> Sorry, too much copy/pastes made my mail unreadable. Again:
>
> Hi all,
> We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java keystore).
> We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) installed.
> tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR based Apache Tomcat Native library 1.1.20" message in catalina.out, no error messages).
> We used the free "portecle" application to export private key and certificate from the java keystore.
> Relevant server.xml parts are:
>
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>
>    <Connector
>      protocol="org.apache.coyote.http11.Http11AprProtocol"
>      URIEncoding="UTF-8"
>      acceptCount="100"
>      algorithm="${jazz.connector.algorithm}"
>      clientAuth="false"
>      connectionTimeout="20000"
>      disableUploadTimeout="true"
>      enableLookups="false"
>      SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
>      SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
>      SSLPassword=""
>      maxHttpHeaderSize="8192"
>      maxSpareThreads="75"
>      maxThreads="150"
>      minSpareThreads="25"
>      port="9443"
>      scheme="https"
>      secure="true"
>      SSLEnabled="true

Missing second " after the value above.

>      SSLProtocol="${jazz.connector.sslProtocol}"/>
>
> We tried to omit and change ${jazz.connector.*} parameters without effect so we think it's not relevant.

What values do they expand to?

> (Rational Team Concert is running on this server, hopefully unrelevant.) After all, when connecting to the server we've got the mentioned error:
>
> "An error occurred during a connection to https://some-machine:9443.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)"
>
> No error messages in log.

And any INFO messages when the connector/protocol starts?

I do not see SSLEngine="on" in your <Connector>, and the apr.html page of
the docs says that its default value is "off".

What happens if you connect with the HTTP protocol,
http://some-machine:9443

> Any instructions, comments, hints appreciated.

Best regards,
Konstantin Kolinko
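
An added example (not part of the original thread) for the symptom discussed above: when a listener answers a TLS ClientHello in plaintext HTTP, the client reads the ASCII bytes `HTTP/` as a five-byte TLS record header, and the resulting length field exceeds the TLS maximum. The sample replies are constructed and the function names are hypothetical.

```python
import struct

# TLS 1.2 (RFC 5246) caps an encrypted record at 2^14 + 2048 bytes.
MAX_TLS_RECORD_LEN = 2**14 + 2048

TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


def parse_record_header(data: bytes) -> dict:
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": content_type, "version": (major, minor), "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener sent: TLS, plaintext HTTP, or unknown."""
    if data.startswith(b"HTTP/"):
        hdr = parse_record_header(data)
        verdict = "too long" if hdr["length"] > MAX_TLS_RECORD_LEN else "in range"
        return f"plaintext-http (read as TLS: length={hdr['length']}, {verdict})"
    if len(data) >= 5:
        hdr = parse_record_header(data)
        known_type = hdr["type"] in TLS_CONTENT_TYPES
        sane = hdr["version"][0] == 3 and hdr["length"] <= MAX_TLS_RECORD_LEN
        if known_type and sane:
            return f"tls ({TLS_CONTENT_TYPES[hdr['type']]})"
    return "unknown"


# Constructed sample replies (not captured from the poster's server).
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
TLS_REPLY_START = bytes([0x16, 0x03, 0x01, 0x00, 0x4A]) + b"\x02\x00\x00\x46"

if __name__ == "__main__":
    for name, sample in [("plaintext", PLAINTEXT_REPLY), ("tls", TLS_REPLY_START)]:
        print(name, "->", classify_first_bytes(sample))
```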



RE: tomcat with apr and openssl gives ssl_error_rx_record_too_long

Posted by Lengyel Tamás <le...@quattrosoft.hu>.
Sorry, too much copy/pastes made my mail unreadable. Again:

Hi all,
We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java keystore).
We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) installed.
tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR based Apache Tomcat Native library 1.1.20" message in catalina.out, no error messages).
We used the free "portecle" application to export private key and certificate from the java keystore.
Relevant server.xml parts are:

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

    <Connector
      protocol="org.apache.coyote.http11.Http11AprProtocol"
      URIEncoding="UTF-8"
      acceptCount="100"
      algorithm="${jazz.connector.algorithm}"
      clientAuth="false"
      connectionTimeout="20000"
      disableUploadTimeout="true"
      enableLookups="false"
      SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
      SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
      SSLPassword=""
      maxHttpHeaderSize="8192"
      maxSpareThreads="75"
      maxThreads="150"
      minSpareThreads="25"
      port="9443"
      scheme="https"
      secure="true"
      SSLEnabled="true
      SSLProtocol="${jazz.connector.sslProtocol}"/>

We tried to omit and change ${jazz.connector.*} parameters without effect so we think it's not relevant.
(Rational Team Concert is running on this server, hopefully unrelevant.) After all, when connecting to the server we've got the mentioned error:

"An error occurred during a connection to https://some-machine:9443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)"

No error messages in log.
Any instructions, comments, hints appreciated.

Best regards,
Lengyel Tamas
e-mail: lengyel@quattrosoft.hu

