SSL received a record that exceeded the maximum permissible length.

John Oliver <joliver@xxxxxxxxxxxxxxx> · Fri, 13 Nov 2009 09:21:43 -0800

I have one physical server with two IP addresses.  I created
VirtualHosts for each:

NameVirtualHost 192.168.1.47:443
NameVirtualHost 192.168.1.129:443

<VirtualHost 192.168.1.47:443>
    ServerName virtual.host1
    DocumentRoot /var/www/html2
    ErrorLog logs/ssl_error2_log
    CustomLog logs/ssl_request2_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLVerifyClient require
    SSLVerifyDepth  10
    SSLCertificateFile /etc/pki/tls/certs/subscriber.pem
    SSLCACertificateFile /etc/pki/tls/certs/cabundle.crt
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost 192.168.1.129:443>
    ServerName virtual.host2
    DocumentRoot /var/www/html
    ErrorLog logs/ssl_error_log
    CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/pki/tls/certs/ois_cert.pem
    SSLCertificateKeyFile /etc/pki/tls/private/ois_key.pem
    SSLCACertificateFile /etc/pki/tls/certs/cabundle.crt
    SSLVerifyClient require
    SSLVerifyDepth  10
</VirtualHost>

When I visit https://virtual.host2/ I get:

(Error code: ssl_error_rx_record_too_long)

But nothing is logged, even if I change LogLevel to 'debug'.
https://192.168.1.129/ works just fine.  I've double-checked the file
permissions for the cert and key, and that the cert is not expired.
Googling hasn't helped.  I'm at kind of a loss here!  What else can I
look at for more clues?

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx