ssl_error_rx_record_too_long and Apache SSL [closed]

北城余情 提交于 2019-11-26 06:57:34

问题


I\'ve got a customer trying to access one of my sites, and they keep getting this error > ssl_error_rx_record_too_long

They\'re getting this error on all browsers, all platforms. I can\'t reproduce the problem at all.

My server and myself are located in the USA, the customer is located in India.

I googled on the problem, and the main source seems to be that the SSL port is speaking in HTTP. I checked my server, and this is not happening. I tried the solution mentioned here, but the customer has stated it did not fix the issue.

Can anyone tell me how I can fix this, or how I can reproduce this???

THE SOLUTION

Turns out the customer had a misconfigured local proxy!

Hope that helps anyone finding this question trying to debug it in the future.


回答1:


The link mentioned by Subimage was right on the money for me. It suggested changing the virtual host tag, ie, from <VirtualHost myserver.example.com:443> to <VirtualHost _default_:443>

Error code: ssl_error_rx_record_too_long

This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate.

Below are some things we recommend trying.

  • Ensure that port 443 is open and enabled on your server. This is the standard port for https communications.

  • If SSL is using a non-standard port then FireFox 3 can sometimes give this error. Ensure SSL is running on port 443.

  • If using Apache2 check that you are using port 443 for SSL. This can be done by setting the ports.conf file as follows

    Listen 80
    Listen 443 https
    
  • Make sure you do not have more than one SSL certificate sharing the same IP. Please ensure that all SSL certificates utilise their own dedicated IP.

  • If using Apache2 check your vhost config. Some users have reported changing <VirtualHost> to _default_ resolved the error.

That fixed my problem. It's rare that I google an error message and get the first hit with the right answer! :-)

In addition to the above, these are some other solutions that other folks have found were causing the issue:

  • Make sure that your SSL certificate is not expired

  • Try to specify the Cipher:

    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3




回答2:


The solution for me was that default-ssl was not enabled in apache 2.... just putting SSLEngine On

I had to execute a2ensite default-ssl and everything worked.




回答3:


In my case I had to change the <VirtualHost *> back to <VirtualHost *:80> (which is the default on Ubuntu). Otherwise, the port 443 wasn't using SSL and was sending plain HTML back to the browser.

You can check whether this is your case quite easily: just connect to your server http://www.example.com:443. If you see plain HTML, your Apache is not using SSL on port 443 at all, most probably due to a VirtualHost misconfiguration.

Cheers!




回答4:


In my case I had forgot to set SSLEngine On in the configuration. Like so,

<VirtualHost _default_:443>
  SSLEngine On
  ...
</VirtualHost>

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslengine




回答5:


If you have the error after setup a new https vhost and the config seems to be right, remember to link in sites-enabled too.




回答6:


Old question, but first result in Google for me, so here's what I had to do.

Ubuntu 12.04 Desktop with Apache installed

All the configuration and mod_ssl was installed when I installed Apache, but it just wasn't linked in the right spots yet. Note: all paths below are relative to /etc/apache2/

mod_ssl is stored in ./mods-available, and the SSL site configuration is in ./sites-available, you just have to link these to their correct places in ./mods-enabled and ./sites-enabled

cd /etc/apache2
cd ./mods-enabled
sudo ln -s ../mods-available/ssl.* ./
cd ../sites-enabled
sudo ln -s ../sites-available/default-ssl ./

Restart Apache and it should work. I was trying to access https://localhost, so your results may vary for external access, but this worked for me.




回答7:


Ask the user for the exact URL they're using in their browser. If they're entering https://your.site:80, they may receive the ssl_error_rx_record_too_long error.




回答8:


In my case, I had the wrong IP Address in the virtual host file. The listen was 443, and the stanza was <VirtualHost 192.168.0.1:443> but the server did not have the 192.168.0.1 address!




回答9:


Please see this link.

I looked in all my apache log files until I found the actual error (I had changed the <VirtualHost> from _default_ to my fqdn). When I fixed this error, everything worked fine.




回答10:


In my case the problem was that https was unable to start correctly because Listen 443 was in "IfDefine SSL" derective, but my apache didnt start with -DSSL option. The fix was to change my apachectl script in:

$HTTPD -k $ARGV

to:

$HTTPD -k $ARGV -DSSL

Hope that helps somebody.




回答11:


My problem was due to a LOW MTU over a VPN connection.

netsh interface ipv4 show inter

Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  1 4275 4294967295  connected    Loopback Pseudo-Interface 1
 10 4250   **1300**  connected    Wireless Network Connection
 31   25   1400  connected    Remote Access to XYZ Network

Fix: netsh interface ipv4 set interface "Wireless Network Connection" mtu=1400

It may be an issue over a non-VPN connection also...




回答12:


I had a messed up virtual host config. Remember you need one virtual host without SSL for port 80, and another one with SSL for port 443. You cannot have both in one virtual host, as the webmin-generated config tried to do.




回答13:


I had the same problem in some browser to access to my SSL site. I have found that I had to give to fireFox the right proxy (FireFox was accessing directly to internet).

Depending of the lan configuration (Tunneling, filtering, proxy redirection), the "direct access to internet" mode for FireFox throws this error.




回答14:


You might also try fixing the hosts file.

Keep the vhost file with the fully qualified domain and add the hostname in the hosts file /etc/hosts (debian)

ip.ip.ip.ip name name.domain.com

After restarting apache2, the error should be gone.




回答15:


For me the solution was that my ddclient was not cronning properly...



来源:https://stackoverflow.com/questions/119336/ssl-error-rx-record-too-long-and-apache-ssl

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!