Hi,

I get this error on the browser (firefox) when accessing to certain ssl
pages, mainly files from dotLRN's content repository.

-------------------------------------------------------------------
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
-------------------------------------------------------------------

Accessing to these files by the http port works perfectly. There is no
error on aolserver's log.

Some details:

* dotLRN 2.4.0
* debian GNU/Linux etch amd64
* aolserver 4.0.10 (debian package)
* nsopenssl 3.0beta22 (debian package)

Some data from config.tcl:

#---------------------------------------------------------------------
# OpenSSL for Aolserver 4  
#---------------------------------------------------------------------    
    ns_section "ns/server/${server}/module/nsopenssl"
        ns_param ServerPort                $httpsport

    ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
        ns_param users        "SSL context used for regular user access"
        ns_param client       "SSL context used for outgoing script socket 
connections"

    ns_section "ns/server/${server}/module/nsopenssl/defaults"
        ns_param server               users
        ns_param client               client

    ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users"
        ns_param Role                  server
        ns_param ModuleDir              /etc/aolserver4/ssl/${server}/ 
        ns_param CertFile               server.crt
        ns_param Protocols             "SSLv3, TLSv1"
        ns_param CipherSuite           
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP"
        ns_param PeerVerify            false
        ns_param PeerVerifyDepth       3
        ns_param Trace                 false    
        ns_param SessionCache true
        ns_param SessionCacheID 1
        ns_param SessionCacheSize 512
        ns_param SessionCacheTimeout 300

    ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client"
        ns_param Role                  client
        ns_param ModuleDir             ${serverroot}/etc/certs
        ns_param CertFile              certfile.pem
        ns_param KeyFile               keyfile.pem
        ns_param Protocols             "SSLv3, TLSv1"
        ns_param CipherSuite           
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP"
        ns_param PeerVerify            false
        ns_param PeerVerifyDepth       3
        ns_param Trace                 false
        ns_param SessionCache true
        ns_param SessionCacheID 1
        ns_param SessionCacheSize 512
        ns_param SessionCacheTimeout 300

    ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
        ns_param users         "Driver for regular user access"

    ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users"
        ns_param sslcontext            users
        ns_param port                  $httpsport
        ns_param hostname              $hostname
        ns_param address               $address
        ns_param   maxinput           [expr 150 * 1024 * 1024] ;# in bytes
        ns_param   recvwait           [expr 60 * 60] ;# in minutes
#---------------------------------------------------------------------

Any tips? Need more data?

Cheers, H├ęctor


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> 
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.

Reply via email to