On 12/4/2014 8:46 PM, John Merriam wrote:
Hello.  I am experiencing a strange problem with Apache 2.2.27p4 on
OpenBSD 5.6-stable amd64.

I am _intermittently_ getting this error:

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

in Firefox 31.3.0esr (both Linux and Windows clients) when accessing my
server via HTTPS.  I am not seeing errors pop up in other browsers but I
am seeing strange things in IE11 and Chromium where things seem to not
always load over HTTPS.  The Qualys SSL Server Test website also
reports errors accessing my server sometimes when I have run tests
against it using their tool.

What is very strange is that it is intermittent.  Things seem to work
then click a link or reload a page and the error pops up.
*snip*

I seem to have stopped the odd Apache behavior. Still not sure why it was a problem though.

I was able to observe that Apache 2.2 was occasionally deciding it didn't want to use the appropriate protocol on the proper port. I was able to get it to occasionally speak HTTP on port 443. I was also able to occasionally get it to speak HTTPS on port 80. I found that extremely strange.

At the start of this adventure I had the following pertinent configuration set:

/etc/apache2/httpd2.conf
------------------------
Listen 80
<VirtualHost 1.2.3.4:80>
  ...
</VirtualHost>
<VirtualHost 1.2.3.5:80>
  ...
</VirtualHost>
Include /etc/apache2/extra/httpd-ssl.conf

/etc/apache2/extra/httpd-ssl.conf
---------------------------------
Listen 443
<VirtualHost 1.2.3.4:443>
  ...
</VirtualHost>
<VirtualHost 1.2.3.5:443>
  ...
</VirtualHost>


At the end, it looked like the following:

/etc/apache2/httpd2.conf
------------------------
Listen 1.2.3.4:80 http
Listen 1.2.3.5:80 http
<VirtualHost 1.2.3.4:80>
  ...
</VirtualHost>
<VirtualHost 1.2.3.5:80>
  ...
</VirtualHost>
Include /etc/apache2/extra/httpd-ssl.conf

/etc/apache2/extra/httpd-ssl.conf
---------------------------------
Listen 1.2.3.4:443 https
Listen 1.2.3.5:443 https
<VirtualHost 1.2.3.4:443>
  ...
</VirtualHost>
<VirtualHost 1.2.3.5:443>
  ...
</VirtualHost>


I had to specify multiple Listen directives for each IP. I would guess that specifying the protocol in the Listen directives might not be necessary to fix this, but at this point, I'll leave it...

The Apache docs don't seem to indicate that using Listen directives like that should have been necessary. Very strange to me. If I have the time, I'll see if I can figure out exactly what the issue was here. I think I might have an idea of what was going on and it may not really be a bug in Apache but if it's not then the behavior should be documented by them somewhere.

Anyway, at this point, I don't think this has much to do with OpenBSD specifically. So, sorry for the noise but I figured I should send the resolution that I found in case someone else runs into this.

--

John Merriam
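
An added example, not part of the message above and not Apache code: it shows why plain HTTP arriving on port 443 surfaces as ssl_error_rx_record_too_long, and how to tell from the first bytes of a reply which protocol a listener actually spoke. The function names and the sample bytes are constructed for illustration.

```python
import struct

# RFC 5246 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048.
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def parse_record_header(data):
    """Read the 5-byte TLS record header the way a TLS client does."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify(data):
    """Label the first bytes a server sent: 'tls', 'plain-http' or 'unknown'."""
    if data.startswith(b"HTTP/"):
        return "plain-http"
    if len(data) < 5:
        return "unknown"
    hdr = parse_record_header(data)
    if hdr["type"] in CONTENT_TYPES and hdr["version"][0] == 3 and hdr["length"] <= MAX_RECORD_LEN:
        return "tls"
    return "unknown"


def check_listener(port_scheme, data):
    """Return None if the reply matches the scheme expected on the port, else a finding."""
    expected = {"https": "tls", "http": "plain-http"}[port_scheme]
    seen = classify(data)
    if seen == expected:
        return None
    msg = f"expected {expected}, server sent {seen}"
    if port_scheme == "https" and seen == "plain-http":
        # A TLS client reads b"HTTP/" as a header: the bytes "P/" become the length 0x502F.
        msg += f"; as a TLS record length={parse_record_header(data)['length']} > {MAX_RECORD_LEN}"
    return msg


# Constructed samples: first bytes of a reply, not captured from the poster's server.
SAMPLE_TLS = bytes.fromhex("160303004a020000460303")  # handshake record, TLS 1.2, 74 bytes
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"

if __name__ == "__main__":
    for scheme, data in [("https", SAMPLE_TLS), ("https", SAMPLE_HTTP), ("http", SAMPLE_TLS)]:
        print(scheme, "->", check_listener(scheme, data) or "ok")
```

Feeding it the first bytes captured from each address and port pair named in the Listen directives shows whether every listener answers with the protocol its port is supposed to carry.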
