问题
I\'ve got a customer trying to access one of my sites, and they keep getting this error > ssl_error_rx_record_too_long
They\'re getting this error on all browsers, all platforms. I can\'t reproduce the problem at all.
My server and myself are located in the USA, the customer is located in India.
I googled on the problem, and the main source seems to be that the SSL port is speaking in HTTP. I checked my server, and this is not happening. I tried the solution mentioned here, but the customer has stated it did not fix the issue.
Can anyone tell me how I can fix this, or how I can reproduce this???
THE SOLUTION
Turns out the customer had a misconfigured local proxy!
Hope that helps anyone finding this question trying to debug it in the future.
回答1:
The link mentioned by Subimage was right on the money for me. It suggested changing the virtual host tag, ie, from <VirtualHost myserver.example.com:443>
to <VirtualHost _default_:443>
Error code:
ssl_error_rx_record_too_long
This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate.
Below are some things we recommend trying.
Ensure that port 443 is open and enabled on your server. This is the standard port for https communications.
If SSL is using a non-standard port then FireFox 3 can sometimes give this error. Ensure SSL is running on port 443.
If using Apache2 check that you are using port 443 for SSL. This can be done by setting the ports.conf file as follows
Listen 80 Listen 443 https
Make sure you do not have more than one SSL certificate sharing the same IP. Please ensure that all SSL certificates utilise their own dedicated IP.
If using Apache2 check your vhost config. Some users have reported changing
<VirtualHost>
to_default_
resolved the error.
That fixed my problem. It's rare that I google an error message and get the first hit with the right answer! :-)
In addition to the above, these are some other solutions that other folks have found were causing the issue:
Make sure that your SSL certificate is not expired
Try to specify the Cipher:
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
回答2:
The solution for me was that default-ssl
was not enabled in apache 2.... just putting SSLEngine On
I had to execute a2ensite default-ssl
and everything worked.
回答3:
In my case I had to change the <VirtualHost *> back to <VirtualHost *:80> (which is the default on Ubuntu). Otherwise, the port 443 wasn't using SSL and was sending plain HTML back to the browser.
You can check whether this is your case quite easily: just connect to your server http://www.example.com:443. If you see plain HTML, your Apache is not using SSL on port 443 at all, most probably due to a VirtualHost misconfiguration.
Cheers!
回答4:
In my case I had forgot to set SSLEngine On
in the configuration. Like so,
<VirtualHost _default_:443>
SSLEngine On
...
</VirtualHost>
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslengine
回答5:
If you have the error after setup a new https vhost and the config seems to be right, remember to link in sites-enabled
too.
回答6:
Old question, but first result in Google for me, so here's what I had to do.
Ubuntu 12.04 Desktop with Apache installed
All the configuration and mod_ssl was installed when I installed Apache, but it just wasn't linked in the right spots yet. Note: all paths below are relative to /etc/apache2/
mod_ssl
is stored in ./mods-available
, and the SSL site configuration is in ./sites-available
, you just have to link these to their correct places in ./mods-enabled
and ./sites-enabled
cd /etc/apache2
cd ./mods-enabled
sudo ln -s ../mods-available/ssl.* ./
cd ../sites-enabled
sudo ln -s ../sites-available/default-ssl ./
Restart Apache and it should work. I was trying to access https://localhost, so your results may vary for external access, but this worked for me.
回答7:
Ask the user for the exact URL they're using in their browser. If they're entering https://your.site:80, they may receive the ssl_error_rx_record_too_long error.
回答8:
In my case, I had the wrong IP Address in the virtual host file. The listen was 443, and the stanza was <VirtualHost 192.168.0.1:443>
but the server did not have the 192.168.0.1 address!
回答9:
Please see this link.
I looked in all my apache log files until I found the actual error (I had changed the <VirtualHost>
from _default_
to my fqdn
). When I fixed this error, everything worked fine.
回答10:
In my case the problem was that https was unable to start correctly because Listen 443 was in "IfDefine SSL" derective, but my apache didnt start with -DSSL option. The fix was to change my apachectl script in:
$HTTPD -k $ARGV
to:
$HTTPD -k $ARGV -DSSL
Hope that helps somebody.
回答11:
My problem was due to a LOW MTU over a VPN connection.
netsh interface ipv4 show inter
Idx Met MTU State Name
--- --- ----- ----------- -------------------
1 4275 4294967295 connected Loopback Pseudo-Interface 1
10 4250 **1300** connected Wireless Network Connection
31 25 1400 connected Remote Access to XYZ Network
Fix: netsh interface ipv4 set interface "Wireless Network Connection" mtu=1400
It may be an issue over a non-VPN connection also...
回答12:
I had a messed up virtual host config. Remember you need one virtual host without SSL for port 80, and another one with SSL for port 443. You cannot have both in one virtual host, as the webmin-generated config tried to do.
回答13:
I had the same problem in some browser to access to my SSL site. I have found that I had to give to fireFox the right proxy (FireFox was accessing directly to internet).
Depending of the lan configuration (Tunneling, filtering, proxy redirection), the "direct access to internet" mode for FireFox throws this error.
回答14:
You might also try fixing the hosts file.
Keep the vhost file with the fully qualified domain and add the hostname in the hosts file /etc/hosts (debian)
ip.ip.ip.ip name name.domain.com
After restarting apache2, the error should be gone.
回答15:
For me the solution was that my ddclient was not cronning properly...
来源:https://stackoverflow.com/questions/119336/ssl-error-rx-record-too-long-and-apache-ssl