When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error:
Error code: SSL_ERROR_RX_RECORD_TOO_LONG (Firefox)
with no errors shown in the Apache error log. I'm trying to serve a static page (i.e. no PHP content).
I tried netstat -lpan | grep 443 and that only shows IPv6 on this port; why no IPv4? There is a Listen 443 directive in the httpd.conf.
Apache is running with startup info:
[Sun Nov 19 13:46:40.402742 2023] [core:notice] [pid 17776:tid 17776] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sun Nov 19 13:46:40.403422 2023] [suexec:notice] [pid 17776:tid 17776] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Nov 19 13:46:40.417257 2023] [lbmethod_heartbeat:notice] [pid 17776:tid 17776] AH02282: No slotmem from mod_heartmonitor
[Sun Nov 19 13:46:40.419377 2023] [mpm_event:notice] [pid 17776:tid 17776] AH00489: Apache/2.4.53 (Rocky Linux) OpenSSL/3.0.7 configured -- resuming normal operations
[Sun Nov 19 13:46:40.419405 2023] [core:notice] [pid 17776:tid 17776] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
TLS/mod_ssl is running with the default Rocky permissions and set to our certificate info.
To force connection to the test server I changed the URL from www.example.ca to t.example.ca and included this in the hosts file on the workstation. t.example.ca is listed in the config files under "ServerAlias t.example.ca".
The browser tools give this info:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
DNT: 1
Host: t.example.ca
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0
none of which seems terribly relevant.
Any ideas how to attack this?
Thanks in advance.
John