
List:       tomcat-user
Subject:    RE: tomcat with apr and openssl gives ssl_error_rx_record_too_long
From:       Lengyel_Tamás <lengyel () quattrosoft ! hu>
Date:       2011-04-04 6:12:29
Message-ID: 0352B4072F65C04BA83AAB92979F768DDBE5C5CD () MAIL ! qs ! local

Hi!

It was the SSLEngine="on" in the connector. I missed it in the doc somehow and only
set it in the Listener. It's working now.
Thanks Konstantin!

Best regards,

Tamas Lengyel

-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com] 
Sent: Friday, April 01, 2011 7:18 PM
To: Tomcat Users List
Subject: Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long

2011/4/1 Lengyel Tamás <lengyel@quattrosoft.hu>:
> Sorry, too much copy/pastes made my mail unreadable. Again:
> 
> Hi all,
> We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java
> keystore). We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24)
> installed. tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR
> based Apache Tomcat Native library 1.1.20" message in catalina.out, no error
> messages). We used the free "portecle" application to export private key and
> certificate from the java keystore. Relevant server.xml parts are:
> 
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
> <Connector
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> URIEncoding="UTF-8"
> acceptCount="100"
> algorithm="${jazz.connector.algorithm}"
> clientAuth="false"
> connectionTimeout="20000"
> disableUploadTimeout="true"
> enableLookups="false"
> SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
> SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
> SSLPassword=""
> maxHttpHeaderSize="8192"
> maxSpareThreads="75"
> maxThreads="150"
> minSpareThreads="25"
> port="9443"
> scheme="https"
> secure="true"
> SSLEnabled="true

Missing second " after the value above.

> SSLProtocol="${jazz.connector.sslProtocol}"/>
> 
> We tried to omit and change ${jazz.connector.*} parameters without effect so we
> think it's not relevant.

What values do they expand to?

> (Rational Team Concert is running on this server, hopefully irrelevant.) After all,
> when connecting to the server we've got the mentioned error:
> "An error occurred during a connection to https://some-machine:9443.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)"
> 
> No error messages in log.

And any INFO messages when the connector/protocol starts?

I do not see SSLEngine="on" in your <Connector> and apr.html page of
the docs says that its default value is "off".

What happens if you connect with the HTTP protocol,
http://some-machine:9443

> Any instructions, comments, hints appreciated.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
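
The misconfiguration resolved in this thread can be caught before deployment with a small server.xml check. The following is an added example, not code from the thread participants or the Tomcat project: it flags APR connectors that are marked https/secure but never turn TLS on, which is the state that makes browsers report ssl_error_rx_record_too_long. The function name, the sample XML and its placeholder paths are constructed, and the `SSLEngine` connector attribute with default "off" is taken from the thread, so it is an assumption for other Tomcat versions.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

# Constructed sample modelled on the server.xml quoted in the thread
# (attribute list shortened, certificate paths are placeholders).
SAMPLE_SERVER_XML = """
<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="9443" scheme="https" secure="true"
               SSLCertificateFile="/path/to/cert.cer"
               SSLCertificateKeyFile="/path/to/key.pem"/>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="8443" scheme="https" secure="true" SSLEngine="on"
               SSLCertificateFile="/path/to/cert.cer"
               SSLCertificateKeyFile="/path/to/key.pem"/>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8080"/>
  </Service>
</Server>
"""

def plaintext_https_connectors(server_xml, tls_attr="SSLEngine"):
    """Return ports of APR connectors that claim HTTPS but never enable TLS.

    tls_attr is the connector attribute that switches TLS on. "SSLEngine"
    (default "off") is what the thread reports; treat it as an assumption
    for any other Tomcat version and pass the right name explicitly.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("protocol") != APR_PROTOCOL:
            continue  # only the APR connector is covered by this check
        claims_https = (conn.get("scheme") == "https"
                        or conn.get("secure") == "true"
                        or conn.get("SSLCertificateFile") is not None)
        tls_on = conn.get(tls_attr, "off").lower() == "on"
        if claims_https and not tls_on:
            findings.append(conn.get("port"))
    return findings

if __name__ == "__main__":
    for port in plaintext_https_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: marked https/secure but TLS is not enabled; "
              "the socket will answer in plain HTTP")
```

Setting `SSLEngine="on"` only on the Listener, as in the first connector of the sample, does not clear the finding; the connector itself must carry the attribute.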

