Hi Scott and all, Thanks for your quick response. We have found the problem, it was using bgdelivery patch with nsopenssl. Gustaf pointed it out and made a fix for that (thanks Gustaf!).
If anyone has this problem, Gustaf commited the fix to openacs cvs: http://cvs.openacs.org/cvs/openacs-4/packages/xotcl-core/tcl/bgdelivery-procs.tcl?r1=1.15&r2=1.16 Cheers, Héctor El lun, 03-11-2008 a las 13:30 -0500, Scott Goodwin escribió: > Héctor, > > Try and duplicate the problem with another browser, preferably as many > other browsers as you have available. This will narrow down whether > it's an interaction problem with Firefox in particular or a general > problem. If all the other browsers have no problems yet Firefox still > does, then you might want to review Firefox's SSL settings and try out > different combinations to narrow down what settings in particular > cause this problem. If other browsers exhibit the same error, then > we'd want to know that as well. > > Also, state the specific version numbers of all the browsers you test > with, what OS version you tried with each, and if the web site is > available publicly, the specific URL that exhibits the issue so that > others might try it. > > /s. > > > On Nov 3, 2008, at 12:32 PM, Hector Romojaro wrote: > > > Hi, > > > > I get this error on the browser (firefox) when accessing to certain > > ssl > > pages, mainly files from dotLRN's content repository. > > > > ------------------------------------------------------------------- > > SSL received a record that exceeded the maximum permissible length. > > (Error code: ssl_error_rx_record_too_long) > > ------------------------------------------------------------------- > > > > Accessing to these files by the http port works perfectly. There is no > > error on aolserver's log. > > > > Some details: > > > > * dotLRN 2.4.0 > > * debian GNU/Linux etch amd64 > > * aolserver 4.0.10 (debian package) > > * nsopenssl 3.0beta22 (debian package) > > > > Some data from config.tcl: > > > > #--------------------------------------------------------------------- > > # OpenSSL for Aolserver 4 > > #--------------------------------------------------------------------- > > ns_section "ns/server/${server}/module/nsopenssl" > > ns_param ServerPort $httpsport > > > > ns_section "ns/server/${server}/module/nsopenssl/sslcontexts" > > ns_param users "SSL context used for regular user > > access" > > ns_param client "SSL context used for outgoing script > > socket connections" > > > > ns_section "ns/server/${server}/module/nsopenssl/defaults" > > ns_param server users > > ns_param client client > > > > ns_section "ns/server/${server}/module/nsopenssl/sslcontext/users" > > ns_param Role server > > ns_param ModuleDir /etc/aolserver4/ssl/${server}/ > > ns_param CertFile server.crt > > ns_param Protocols "SSLv3, TLSv1" > > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH: > > +MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP" > > ns_param PeerVerify false > > ns_param PeerVerifyDepth 3 > > ns_param Trace false > > ns_param SessionCache true > > ns_param SessionCacheID 1 > > ns_param SessionCacheSize 512 > > ns_param SessionCacheTimeout 300 > > > > ns_section "ns/server/${server}/module/nsopenssl/sslcontext/client" > > ns_param Role client > > ns_param ModuleDir ${serverroot}/etc/certs > > ns_param CertFile certfile.pem > > ns_param KeyFile keyfile.pem > > ns_param Protocols "SSLv3, TLSv1" > > ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH: > > +MEDIUM:+LOW:+SSLv3:!SSLv2:+EXP" > > ns_param PeerVerify false > > ns_param PeerVerifyDepth 3 > > ns_param Trace false > > ns_param SessionCache true > > ns_param SessionCacheID 1 > > ns_param SessionCacheSize 512 > > ns_param SessionCacheTimeout 300 > > > > ns_section "ns/server/${server}/module/nsopenssl/ssldrivers" > > ns_param users "Driver for regular user access" > > > > ns_section "ns/server/${server}/module/nsopenssl/ssldriver/users" > > ns_param sslcontext users > > ns_param port $httpsport > > ns_param hostname $hostname > > ns_param address $address > > ns_param maxinput [expr 150 * 1024 * 1024] ;# in > > bytes > > ns_param recvwait [expr 60 * 60] ;# in minutes > > #--------------------------------------------------------------------- > > > > Any tips? Need more data? > > > > Cheers, Héctor > > > > > > -- > > AOLserver - http://www.aolserver.com/ > > > > To Remove yourself from this list, simply send an email to <[EMAIL > > PROTECTED] > > > with the > > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > > Subject: field of your email blank. > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to <[EMAIL > PROTECTED]> with the > body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: > field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.