Re: Connection TLS Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2023-11-19 at 16:16 -0500, Frank Gingras wrote:
> 
> 
> On Sun, Nov 19, 2023 at 3:25 PM John <john.iliffe@xxxxxxxxx> wrote:
> > On Sun, 2023-11-19 at 15:17 -0500, Eric Covener wrote:
> > > On Sun, Nov 19, 2023 at 3:15 PM John <john.iliffe@xxxxxxxxx> wrote:
> > > > 
> > > > On Sun, 2023-11-19 at 14:35 -0500, Eric Covener wrote:
> > > > > On Sun, Nov 19, 2023 at 2:31 PM John <john.iliffe@xxxxxxxxx> wrote:
> > > > > > 
> > > > > > When I try to connect to Apache (2.4.53) using TLS 1.3 I get a browser error:
> > > > > >         Error code: SSL_ERROR_RX_RECORD_TOO_LONG    (Firefox)
> > > > > 
> > > > > What does your SSL-enabled virtualhost look like
> > > > 
> > > > Here is the example.conf include file; ssl.conf follows
> > > > 
> > > > # SSL Support for example.ca ONLY!
> > > > <Virtualhost *:443>
> > > >    ServerName www.example.ca
> > > >         ServerAlias t.example.ca
> > > >    DocumentRoot /usr/httpd/example
> > > >    Options -MultiViews
> > > >    H2Direct on
> > > >    ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/example
> > > > #   SSLEngine on
> > > 
> > > ^^^ Pretty suspicious?
> > > 
> > 
> > 
> > SSLEngine being commented out?  It is already turned on in ssl.conf and one of the problems that
> > I
> > already had to fix was duplicate entries between conf file sections.
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > 
> > 
> > 
> 
>  
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > 
> > 
> 
> 
> You can't inherit SSLEngine on like that - you must either set it in the vhost context, or include
> a file that sets it.  I don't see an include directive in your vhost, either.
Thanks Frank and Eric.  I kind of suspected that when I thought about it but truly Eric caught me by
surprise because I had to delete (comment out actually) a number of things that can't appear in
multiple places.  (eg Listen).

Thanks again fellows.

John
======

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux