Connection TLS Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error:
	Error code: SSL_ERROR_RX_RECORD_TOO_LONG    (Firefox)
with no errors shown in the Apache error log.  I'm trying to serve a static page (ie no PHP content)

I tried netstat -lpan | grep 443 and that only shows IPv6 on this port; why no IPv4?  There is a
Listen 443 directive in the httpd.conf.

Apache is running with startup info:
[Sun Nov 19 13:46:40.402742 2023] [core:notice] [pid 17776:tid 17776] SELinux policy enabled; httpd
running as context system_u:system_r:httpd_t:s0
[Sun Nov 19 13:46:40.403422 2023] [suexec:notice] [pid 17776:tid 17776] AH01232: suEXEC mechanism
enabled (wrapper: /usr/sbin/suexec)
[Sun Nov 19 13:46:40.417257 2023] [lbmethod_heartbeat:notice] [pid 17776:tid 17776] AH02282: No
slotmem from mod_heartmonitor
[Sun Nov 19 13:46:40.419377 2023] [mpm_event:notice] [pid 17776:tid 17776] AH00489: Apache/2.4.53
(Rocky Linux) OpenSSL/3.0.7 configured -- resuming normal operations
[Sun Nov 19 13:46:40.419405 2023] [core:notice] [pid 17776:tid 17776] AH00094: Command line:
'/usr/sbin/httpd -D FOREGROUND'

TLS/mod_ssl is running with the default Rocky permissions and set to our certificate info.

To force connection to the test server I changed the URL from www.example.ca to t.example.ca and
included this in the hosts file on the workstation. t.example.ca is listed in the config files under
"ServerAlias t.example.ca" 

The browser tools give this info:
Accept
	text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding
	gzip, deflate, br
Accept-Language
	en-US,en;q=0.5
Connection
	keep-alive
DNT
	1
Host
	t.example.ca
Sec-Fetch-Dest
	document
Sec-Fetch-Mode
	navigate
Sec-Fetch-Site
	cross-site
Upgrade-Insecure-Requests
	1
User-Agent
	Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0

none of which seems terribly relevant.

Any ideas how to attack this?

Thanks in advance.

John
======

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux