Héctor,
Try and duplicate the problem with another browser, preferably as many
other browsers as you have available. This will narrow down whether
it's an interaction problem with Firefox in particular or a general
problem. If all the other browsers have no problems yet Firefox still
does, then you might want to review Firefox's SSL settings and try out
different combinations to narrow down what settings in particular
cause this problem. If other browsers exhibit the same error, then
we'd want to know that as well.
Also, state the specific version numbers of all the browsers you test
with, what OS version you tried with each, and if the web site is
available publicly, the specific URL that exhibits the issue so that
others might try it.
/s.
On Nov 3, 2008, at 12:32 PM, Hector Romojaro wrote:
Hi,
I get this error on the browser (firefox) when accessing to certain
ssl
pages, mainly files from dotLRN's content repository.
-------------------------------------------------------------------
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
-------------------------------------------------------------------
Accessing to these files by the http port works perfectly. There is no
error on aolserver's log.
Some details:
* dotLRN 2.4.0
* debian GNU/Linux etch amd64
* aolserver 4.0.10 (debian package)
* nsopenssl 3.0beta22 (debian package)
Some data from config.tcl:
#---------------------------------------------------------------------
# OpenSSL for Aolserver 4
#---------------------------------------------------------------------
ns_section "ns/server/${server}/module/nsopenssl"
ns_param ServerPort $httpsport
ns_section "ns/server/${server}/module/nsopenssl/sslcontexts"
ns_param users "SSL context used for regular user
access"
ns_param client "SSL context used for outgoing script
socket connections"
ns_section "ns/server/${server}/module/nsopenssl/defaults"
ns_param server users
ns_param client client
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users"
ns_param Role server
ns_param ModuleDir /etc/aolserver4/ssl/${server}/
ns_param CertFile server.crt
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:
+MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300
ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client"
ns_param Role client
ns_param ModuleDir ${serverroot}/etc/certs
ns_param CertFile certfile.pem
ns_param KeyFile keyfile.pem
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:
+MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300
ns_section "ns/server/${server}/module/nsopenssl/ssldrivers"
ns_param users "Driver for regular user access"
ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users"
ns_param sslcontext users
ns_param port $httpsport
ns_param hostname $hostname
ns_param address $address
ns_param maxinput [expr 150 * 1024 * 1024] ;# in
bytes
ns_param recvwait [expr 60 * 60] ;# in minutes
#---------------------------------------------------------------------
Any tips? Need more data?
Cheers, Héctor
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]
> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]>
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.