Hi! It was the SSLEngine="on" in the connector. I missed it in the doc somehow and only set it in the Listener. It's working now. Thanks Konstantin!
Best regards,
Tamas Lengyel

-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Friday, April 01, 2011 7:18 PM
To: Tomcat Users List
Subject: Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long

2011/4/1 Lengyel Tamás <leng...@quattrosoft.hu>:
> Sorry, too much copy/pastes made my mail unreadable. Again:
>
> Hi all,
> We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java
> keystore).
> We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24)
> installed.
> tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR based
> Apache Tomcat Native library 1.1.20" message in catalina.out, no error
> messages).
> We used the free "portecle" application to export private key and certificate
> from the java keystore.
> Relevant server.xml parts are:
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> <Connector
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> URIEncoding="UTF-8"
> acceptCount="100"
> algorithm="${jazz.connector.algorithm}"
> clientAuth="false"
> connectionTimeout="20000"
> disableUploadTimeout="true"
> enableLookups="false"
> SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
> SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
> SSLPassword=""
> maxHttpHeaderSize="8192"
> maxSpareThreads="75"
> maxThreads="150"
> minSpareThreads="25"
> port="9443"
> scheme="https"
> secure="true"
> SSLEnabled="true

Missing second " after the value above.

> SSLProtocol="${jazz.connector.sslProtocol}"/>
>
> We tried to omit and change ${jazz.connector.*} parameters without effect so
> we think it's not relevant.

What values do they expand to?

> (Rational Team Concert is running on this server, hopefully irrelevant.)
> After all, when connecting to the server we've got the mentioned error:
>
> "An error occurred during a connection to https://some-machine:9443.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)"
>
> No error messages in log.

And any INFO messages when the connector/protocol starts?

I do not see SSLEngine="on" in your <Connector> and the apr.html page of the docs
says that its default value is "off".

What happens if you connect with the HTTP protocol,
http://some-machine:9443

> Any instructions, comments, hints appreciated.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
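
Why a TLS client reports a record that is "too long" when the port is answering in plaintext, as an added example that is not part of the original thread: the first five bytes of an HTTP reply are read as a TLS record header, and "P/" lands in the length field. The sample replies are constructed, the function names are hypothetical, and that the server answers the ClientHello with an HTTP status line is an assumption.

```python
import struct

# RFC 5246, 6.2.3: a TLSCiphertext fragment is at most 2^14 + 2048 bytes.
MAX_TLS_RECORD = 2**14 + 2048
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

# Constructed sample replies (not captured from the server in the thread).
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
TLS_REPLY = bytes.fromhex("160301004a02")  # handshake record, TLS 1.0, 74 bytes


def parse_record_header(data):
    """Decode a 5-byte TLS record header: (type, (major, minor), length)."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data):
    """Classify the first bytes a server sent back to a TLS ClientHello."""
    if len(data) < 5:
        return "unknown"
    ctype, (major, _minor), length = parse_record_header(data)
    if data.startswith(b"HTTP/"):
        # 'H' lands in the type field, 'TT' in the version, 'P/' in the length.
        return "plaintext-http: bogus record length %d > %d" % (length, MAX_TLS_RECORD)
    if ctype in TLS_TYPES and major == 3 and length <= MAX_TLS_RECORD:
        return "tls-" + TLS_TYPES[ctype]
    return "unknown"


if __name__ == "__main__":
    for name, reply in (("plaintext", PLAINTEXT_REPLY), ("tls", TLS_REPLY)):
        print(name, "->", classify_first_bytes(reply))
```
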