[apache2][SSL] firefox returns SSL_ERROR_RX_RECORD_TOO_LONG

Greetings,

I’m trying to set up a test server for my students using the “https” protocol.
Alongside it, I want to keep a “running” http server listening on port 80.

So I have two .conf files in my /etc/apache2/vhost.d folder…


<VirtualHost www.server.dezordi.world:80>
...
</VirtualHost>

The server name is listed in /etc/hosts for now but may later, once it works, be added to the DNS in the lab.

<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
    ServerName www.secureserver.dezordi.world:443
    SSLEngine on
    SSLUseStapling  on

    SSLCertificateFile /etc/apache2/ssl.crt/secureserver.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/secureserver.key

</VirtualHost>
</IfDefine>
</IfDefine>

Using netstat -anp --tcp after restarting the apache2 server…

tcp        0      0 127.0.0.2:443           0.0.0.0:*               LISTEN      9281/httpd-prefork   


I can access the virtual host on 192.168.0.4 with http, but when trying 127.0.0.2 over https I got the SSL_ERROR_RX_RECORD_TOO_LONG message :{

**sirius:/etc/ssl/private #** openssl s_client -connect www.secureserver.dezordi.world:443 
CONNECTED(00000003) 
140201918243264:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332: 
--- 
no peer certificate available 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 5 bytes and written 332 bytes 
Verification: OK 
--- 
New, (NONE), Cipher is (NONE) 
Secure Renegotiation IS NOT supported 
Compression: NONE 
Expansion: NONE 
No ALPN negotiated 
Early data was not sent 
Verify return code: 0 (ok) 
---

I can’t really understand the output from openssl s_client.

Questions:

Is that a Firefox-related issue (I will try with another browser)?

I followed the tutorial (https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-apache2.html#sec-apache2-ssl), here is the situation in the file system

I put in /etc/ssl/private the file secureserver.key

**sirius:/etc/apache2 #** tree -L 2 ssl*

**ssl.crl**
└── README.CRL
**ssl.crt**
├── README.CRT
└── secureserver.crt
**ssl.csr**
└── README.CSR
**ssl.key**
├── README.KEY
└── secureserver.key
**ssl.prm**
└── README.PRM

0 directories, 12 files

Did I “mismove” the files or mismatch the .key/.crt/*.pem, as I have no particular knowledge of the SSL/TLS protocol?

The error usually means SSL for the port is not enabled and it’s trying to “talk” via http - this, from my experience, usually stems from the sysconfig file not declaring that the SSL module should be enabled.

First:
edit /etc/sysconfig/apache2, find APACHE_SERVER_FLAGS="" and edit it to show **APACHE_SERVER_FLAGS="SSL"**

Restart Apache2.

You were right ^^

I did programming in C for a while, and when I saw the lines returned by systemctl when starting apache2 I never thought about the fact that -DSSL was missing lol ^^
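
Added example, not part of the thread: the answer says the listener on port 443 is replying in plain HTTP, and the `openssl s_client` output above shows the client giving up after reading 5 bytes, which is the size of a TLS record header. The Python code below decodes the first five bytes of a reply as that header (content type, version, length) and lists why a TLS client rejects it. The function names and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record header: content type (1 byte) | version (2 bytes) | length (2 bytes)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest record body TLS 1.2 permits


def parse_record_header(first5: bytes) -> dict:
    """Interpret 5 bytes the way a TLS client reads the start of a record."""
    if len(first5) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", first5[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}


def diagnose(first5: bytes) -> dict:
    """Classify what answered on the port and list why a TLS client rejects it."""
    hdr = parse_record_header(first5)
    reasons = []
    if hdr["type"] not in CONTENT_TYPES:
        reasons.append("unknown content type %d" % hdr["type"])
    if hdr["major"] != 3:
        reasons.append("wrong version number 0x%02x%02x" % (hdr["major"], hdr["minor"]))
    if hdr["length"] > MAX_RECORD_LEN:
        reasons.append("record too long (%d bytes claimed)" % hdr["length"])
    if first5[:5] == b"HTTP/":
        kind = "plaintext HTTP"   # server is speaking HTTP, not TLS, on this port
    elif not reasons:
        kind = "TLS " + CONTENT_TYPES[hdr["type"]]
    else:
        kind = "unknown protocol"
    return {"kind": kind, "reasons": reasons, "header": hdr}


if __name__ == "__main__":
    # Constructed samples: start of an HTTP reply, and of a TLS 1.2 handshake record.
    for sample in (b"HTTP/1.1 400 Bad Request\r\n", b"\x16\x03\x03\x00\x7a"):
        print(sample[:5], diagnose(sample))
```

For the bytes `HTTP/`, the version field decodes to 0x5454 and the length field to 20527, which lines up with the "wrong version number" reported by OpenSSL and the "record too long" name of the Firefox error.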