1

Topic: Firefox ssl_error_rx_record_too_long

Hello i install iredmail of my local server.
Iam very happy with your solution, its easy fast and easy to handle!
So i have a problem, when i try to go of postfixadmin https://mywebsite.local/postfixadmin
than comes the warning message from firefox:   (Fehlercode: ssl_error_rx_record_too_long)
How can i fix this?
thanks for helping me
chun223

2

Re: Firefox ssl_error_rx_record_too_long

Do you have a ClarkConnect or ClearOS as a firewall before your mail server?

3

Re: Firefox ssl_error_rx_record_too_long

No i have install iredmail on a blank debian lenny.
No firewall.
I tihin it is a ssl problem or so.
But i dont know how i can fix this, this is why i post here.

4

Re: Firefox ssl_error_rx_record_too_long

maxie_ro wrote:

Do you have a ClarkConnect or ClearOS as a firewall before your mail server?

@maxie_ro. Do you mean iRedMail works on ClarkConnect & ClearOS without modification?

5

Re: Firefox ssl_error_rx_record_too_long

chun23 wrote:

No i have install iredmail on a blank debian lenny.
No firewall.
I tihin it is a ssl problem or so.
But i dont know how i can fix this, this is why i post here.

Could you please paste related apache error log?

6

Re: Firefox ssl_error_rx_record_too_long

ZhangHuangbin wrote:
maxie_ro wrote:

Do you have a ClarkConnect or ClearOS as a firewall before your mail server?

@maxie_ro. Do you mean iRedMail works on ClarkConnect & ClearOS without modification?

No, it doesn't. But you can put a separate machine with ClearOS/ClarkConnect as a firewall. Unfortunately it corrupts SSL sessions. I had this case a few days ago, this is why I asked.

@chun23: I'm not sure why this happens, but each time I saw this happen it was because of a broken firewall that modifies SSL sessions. Can you try disabling the firewall on your server if there is any? Also, can you try connecting directly to your mail server using a switch and see if the problem persists?
You can try also Google, I saw some errors caused by Apache modules etc.

7

Re: Firefox ssl_error_rx_record_too_long

Thank you for helping me!
Of the local server is no firewall installed.
Firefox says  ssl_error_ssl2_disabled   when i try to go of the site: https://www.mywebsite.local/postfixadmin
apache error log:
[Sun Jan 10 19:14:43 2010] [notice] Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
[Tue Jan 12 18:16:53 2010] [error] [client 10.10.10.6] File does not exist: /var/www/finalsetup/postfixadmin
[Tue Jan 12 19:33:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 12 19:33:17 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 12 19:33:17 2010] [notice] Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
[Wed Jan 13 13:43:18 2010] [error] [client 10.10.10.6] File does not exist: /var/www/finalsetup/phpmyadmin
[Wed Jan 13 13:43:18 2010] [error] [client 10.10.10.6] File does not exist: /var/www/finalsetup/favicon.ico

8

Re: Firefox ssl_error_rx_record_too_long

When i try to go of my site https://mywebsite.local  with opera stand there:
The server use the  ssl2 protocoll what not safe enough is. The owner from the server must change to TLS1.0 or higher.
So what i must change ?
please help me
thx

9

Re: Firefox ssl_error_rx_record_too_long

Nobody can help?

10

Re: Firefox ssl_error_rx_record_too_long

chun23 wrote:

Nobody can help?


I had a similar problem several months ago and found that the issue was not with iRedmail but with the DSL Modem/Router (Actiontec PK5000) that I was provided by my ISP. For 5 months everything worked just fine then all of the sudden I started getting this same error.

What I figured out after running many tests and many different configurations was that my DSL Modem/Router was not forwarding port 443 to the appropriate server.  That is when I was on my internal Network(just a switch between me and the Mail Server) everything worked just fine but as soon as anyone including myself tried to access Our Mail Server from the outside world we would get the same ssl error that you were getting. 

How I fixed the problem:
1) I verified that the DSL Modem was routing port 443 to my Mail Server (in my case the port forwarding rules that i had originally set were no longer working)
2) After figuring out that my original rules were no longer being applied I reset the rules -- this did not fix the problem
3) I verified that Apache was set up to support SSL (on an Ubuntu based systems I used the following commands:

a2ensite "your site name"
a2enmod ssl

4) After verifying that SSL Support was running on the Mail server I then Double Checked my DSL Modem/Router Configuration for port 443
5) I Formatted and re-installed the OS on my Mail Server 3 times with no success
6) I uninstalled and re-installed iRedmail 6 times with no success
7) I replaced the DSL Modem(Actiontec PK5000) that was provided by my ISP (replaced with D-Link DSL 2540b) and this fixed everything.


I think what is happening is a couple of things.
For me I have DNS Servers set up on my Local Network, so when the PK5000 lost its mind and start sending Everything on port 443 to my Web Server and not my Mail Server, my Web Server would read the TCP/IP Header of the packet and realize that the traffic for my Mail Server on port 443.  It would then query my DNS server and route the traffic to my Mail Server which would then try to respond but because of this Miss routed packet ALL Web Browsers would think something was wrong and kick out the SSL error.  I spent many Hours (well over 100hrs) trying to figure this issue out.