[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: RE: tomcat with apr and openssl gives ssl_error_rx_record_too_long
From: Lengyel_Tamás <lengyel () quattrosoft ! hu>
Date: 2011-04-04 6:12:29
Message-ID: 0352B4072F65C04BA83AAB92979F768DDBE5C5CD () MAIL ! qs ! local
[Download RAW message or body]
Hi!
It was the SSLEngine="on" in the connector. I missed it in the doc somehow and only \
set in the Listener. It's working now.
Thanks Konstantin!
Best regards,
Tamas Lengyel
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
Sent: Friday, April 01, 2011 7:18 PM
To: Tomcat Users List
Subject: Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long
2011/4/1 Lengyel Tamás <lengyel@quattrosoft.hu>:
> Sorry, too much copy/pastes made my mail unreadable. Again:
>
> Hi all,
> We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java \
> keystore). We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) \
> installed. tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR \
> based Apache Tomcat Native library 1.1.20" message in catalina.out, no error \
> messages). We used the free "portecle" application to export private key and \
> certificate from the java keystore. Relevant server.xml parts are:
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" \
> />
> <Connector
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> URIEncoding="UTF-8"
> acceptCount="100"
> algorithm="${jazz.connector.algorithm}"
> clientAuth="false"
> connectionTimeout="20000"
> disableUploadTimeout="true"
> enableLookups="false"
> SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
> SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
> SSLPassword=""
> maxHttpHeaderSize="8192"
> maxSpareThreads="75"
> maxThreads="150"
> minSpareThreads="25"
> port="9443"
> scheme="https"
> secure="true"
> SSLEnabled="true
Missing second " after the value above.
> SSLProtocol="${jazz.connector.sslProtocol}"/>
>
> We tried to omit and change ${jazz.connector.*} parameters without effect so we \
> think it's not relevant.
What values they expand to?
> (Rational Team Concert is running on this server, hopefully unrelevant.) After all, \
> when connecting to the server we've got the mentioned error:
> "An error occurred during a connection to https://some-machine:9443.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)"
>
> No error messages in log.
And any INFO messages when the connector/protocol starts?
I do not see SSLEngine="on" in your <Connector> and apr.html page of
the docs says that its default value is "off".
What happens if you connect with the HTTP protocol,
http://some-machine:9443
> Any instructions, comments, hints appreciated.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic