tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long
Date Fri, 01 Apr 2011 17:17:41 GMT
2011/4/1 Lengyel Tamás <>:
> Sorry, too much copy/pastes made my mail unreadable. Again:
> Hi all,
> We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java keystore).
> We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) installed.
> tomcat-native-1.1-20-src downloaded, and built correctly ("Loaded APR based Apache Tomcat
Native library 1.1.20" message in catalina.out, no error messages).
> We used the free "portecle" application to export private key and certificate from the
java keystore.
> Relevant server.xml parts are:
>    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
>    <Connector
>      protocol="org.apache.coyote.http11.Http11AprProtocol"
>      URIEncoding="UTF-8"
>      acceptCount="100"
>      algorithm="${jazz.connector.algorithm}"
>      clientAuth="false"
>      connectionTimeout="20000"
>      disableUploadTimeout="true"
>      enableLookups="false"
>      SSLCertificateFile="/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer"
>      SSLCertificateKeyFile="/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem"
>      SSLPassword=""
>      maxHttpHeaderSize="8192"
>      maxSpareThreads="75"
>      maxThreads="150"
>      minSpareThreads="25"
>      port="9443"
>      scheme="https"
>      secure="true"
>      SSLEnabled="true

Missing second " after the value above.

>      SSLProtocol="${jazz.connector.sslProtocol}"/>
> We tried to omit and change ${jazz.connector.*} parameters without effect so we think
it's not relevant.

What values they expand to?

> (Rational Team Concert is running on this server, hopefully unrelevant.) After all, when
connecting to the server we've got the mentioned error:
> "An error occurred during a connection to https://some-machine:9443.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)"
> No error messages in log.

And any INFO messages when the connector/protocol starts?

I do not see SSLEngine="on" in your <Connector> and apr.html page of
the docs says that its default value is "off".

What happens if you connect with the HTTP protocol,

> Any instructions, comments, hints appreciated.

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message