Re: SSL received a record that exceeded the maximum permissible length
On Sat, 20 Feb 2010 21:14:36 -0500 (EST), Bernard Fay wrote:
> I create a CA certificate and site certificate according to
> I set it up in Apache under Debian Lenny.
> When I try to access the site, I receive the following message:
> Secure Connection Failed
> An error occurred during a connection to www.kingstongrant.com.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> What could be wrong? Am I missing a module? I have the following modules
> loaded in Apache.
> apache2ctl -M
> Loaded Modules:
> core_module (static)
> log_config_module (static)
> logio_module (static)
> mpm_prefork_module (static)
> http_module (static)
> so_module (static)
> alias_module (shared)
> auth_basic_module (shared)
> authn_file_module (shared)
> authz_default_module (shared)
> authz_groupfile_module (shared)
> authz_host_module (shared)
> authz_user_module (shared)
> autoindex_module (shared)
> cgi_module (shared)
> deflate_module (shared)
> dir_module (shared)
> env_module (shared)
> mime_module (shared)
> negotiation_module (shared)
> perl_module (shared)
> php5_module (shared)
> proxy_module (shared)
> proxy_http_module (shared)
> setenvif_module (shared)
> ssl_module (shared)
> status_module (shared)
> Syntax OK
You say you created a CA certificate and a site certificate on your site.
Let's call that site A. So the web server on site A is using a site
certificate signed by a homemade CA certificate. Now you try to do
a secure SSL connection to site A from site B. But ...
Does site B have that homemade CA certificate installed in its
repository of trusted CAs? If not, then it won't work. I'm not sure
about a "record length exceeded" error; but I do know that if site
B does not have the CA certificate that signed the site certificate
that site A's web server is using installed in its database of trusted
CAs that TLS negotiation will certainly fail.