[apache2][SSL] firefox returns SSL_ERROR_RX_RECORD_TOO_LONG


I’m trying to set up a test server for my students using the “https” protocol.
Besides that, I want to keep a “running” http server listening on port 80.

So I have two .conf files in my /etc/apache2/vhost.d folder…

<VirtualHost www.server.dezordi.world:80>

The server name is listed in /etc/hosts for now but may later, once it works, be added to the DNS in the lab.

<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
    ServerName www.secureserver.dezordi.world:443
    SSLEngine on
    SSLUseStapling  on

    SSLCertificateFile /etc/apache2/ssl.crt/secureserver.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/secureserver.key


Using netstat -anp --tcp after restarting the apache2 server…

tcp        0      0 *               LISTEN      9281/httpd-prefork   

I can access the virtual host with http, but when trying https I get the SSL_ERROR_RX_RECORD_TOO_LONG message :{

**sirius:/etc/ssl/private #** openssl s_client -connect www.secureserver.dezordi.world:443 
140201918243264:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332: 
no peer certificate available 
No client certificate CA names sent 
SSL handshake has read 5 bytes and written 332 bytes 
Verification: OK 
New, (NONE), Cipher is (NONE) 
Secure Renegotiation IS NOT supported 
Compression: NONE 
Expansion: NONE 
No ALPN negotiated 
Early data was not sent 
Verify return code: 0 (ok) 

I can’t really understand what the output from openssl -client means.

Is that a Firefox-related issue (I will try with another browser)?

I followed the tutorial (https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-apache2.html#sec-apache2-ssl), here is the situation in the file system

I put the file secureserver.key in /etc/ssl/private.

**sirius:/etc/apache2 #** tree -L 2 ssl* 

└── secureserver.crt 


└── secureserver.key 


0 directories, 12 files

Did I “mismove” the files or mismatch the .key/.crt/*.pem, as I have no particular knowledge of the SSL/TLS protocol?

The error usually means SSL for the port is not enabled and it’s trying to “talk” via http. In my experience this usually stems from the sysconfig file not declaring that the SSL module should be enabled.

Edit /etc/sysconfig/apache2, find APACHE_SERVER_FLAGS="" and edit it to show APACHE_SERVER_FLAGS="SSL"
Restart Apache2.

You were right ^^

I did programming in C for a while, and when I saw the lines returned by systemctl when starting apache2 I never thought about the fact that -DSSL was missing lol ^^
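
Why a listener that "talks" http on port 443 produces these two errors, as an added example that is not part of the thread: it decodes the first five bytes of a server reply as a TLS record header, which is where openssl s_client stopped after reading 5 bytes. The function names and both sample replies are constructed for illustration, and the plain-HTTP sample assumes the server answered with an HTTP status line.

```python
import struct

# Record-layer constants from the TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length allowed by TLS 1.2


def parse_record_header(first5: bytes) -> dict:
    """Decode 5 bytes the way a TLS client reads a record header."""
    if len(first5) < 5:
        raise ValueError("need the first 5 bytes of the server reply")
    ctype, major, minor, length = struct.unpack("!BBBH", first5[:5])
    return {"type": ctype, "major": major, "minor": minor, "length": length}


def diagnose(first5: bytes) -> str:
    """Classify the first bytes a server sent back after a ClientHello."""
    hdr = parse_record_header(first5)
    problems = []
    if hdr["major"] != 3:
        # The condition OpenSSL reports as "wrong version number".
        problems.append("wrong version number")
    if hdr["length"] > MAX_RECORD_LEN:
        # The condition Firefox (NSS) reports as SSL_ERROR_RX_RECORD_TOO_LONG.
        problems.append("record too long")
    if hdr["type"] not in CONTENT_TYPES:
        problems.append("unknown content type")
    if not problems:
        return "tls"
    if first5[:5] == b"HTTP/":
        return "plain-http: " + ", ".join(problems)
    return "not-tls: " + ", ".join(problems)


# Constructed samples: the start of a plain HTTP status line, and a
# TLS 1.2 handshake record header announcing a 93-byte payload.
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 93])

if __name__ == "__main__":
    for name, data in (("http", HTTP_REPLY), ("tls", TLS_REPLY)):
        print(name, parse_record_header(data), "->", diagnose(data))
```

Read as a record header, the ASCII bytes `HTTP/` give version bytes 0x54 0x54 and a length of 0x502F (20527), so the same plain-text reply fails the version check in one client and the length check in the other.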