Just installed Dradis CE on my Kali Box. When I go to the web interface, I get:
Secure Connection Failed
An error occurred during a connection to localhost:3000. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
@rocco920 I’m Rachael with the Dradis support team. Let’s get this sorted out! What command are you running to start the Dradis server? (e.g. are you running in production?) Also, what version of Kali are you running?
Hi, I’m having the same issue.
An error occurred during a connection to localhost:3000. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
I found a temporary fix by using http instead of https. This isn’t ok in the long run however.
I followed the Kali instructions very carefully.
I’m using the latest Kali, fully updated and everything.
This is the console output when I start the rails server:
root@kali:/usr/lib/dradis-ce/bin# bundle exec rails server
=> Booting Thin
=> Rails 5.1.3 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
Thin web server (v1.6.3 codename Protein Powder)
Maximum connections set to 1024
Listening on localhost:3000, CTRL+C to stop
Notice that the server is using http, not https.
By the way, during the dradis-ce setup, I didn’t notice any certificate creation.
N.B. I don’t know if it is related or not to the following problem, but it sounds similar.
The problem/solution is what @DamienDaco’s post says.
In production mode, Dradis/Rails forces the use of https.
But in production mode the idea is to have in front of the ruby server a web server (nginx?) with ssl enabled.
If you want to use production mode in your local environment, you can:
disable ssl: edit environment/production.rb and set config.force_ssl = false
enable ssl in your ruby web server. If you are running thin, @DamienDaco, it looks like it is as simple as running bundle exec thin start --ssl
Also, if you run the app once in production/https, and later want to roll back to development/http, you may notice that the browser (chrome) keeps redirecting you to the https version. This is due to the fact that config.force_ssl = true sets the HSTS header. This may be disabled by visiting chrome://net-internals/#hsts or by reloading with “Empty Cache and Hard Reload” (both solutions detailed here: Google Chrome redirecting localhost to https - Stack Overflow)
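An added example, not part of the thread or of Dradis: it shows why a browser sent to https by HSTS or force_ssl reports SSL_ERROR_RX_RECORD_TOO_LONG against a plain-HTTP listener, and probes a port to see which protocol it speaks. The sample status line, the helper names and the 3-second timeouts are assumptions made for this illustration.

```ruby
require "socket"

# Largest TLS 1.2 record body a peer may send (RFC 5246): 2^14 + 2048 bytes.
MAX_TLS_RECORD = 16_384 + 2_048

# Read the first five bytes of a reply the way a TLS client does:
# content type (1 byte), protocol version (2 bytes), record length (2 bytes).
def tls_record_header(bytes)
  type, major, minor, length = bytes.byteslice(0, 5).unpack("CCCn")
  { type: type, version: [major, minor], length: length }
end

# Classify what a listener speaks from the first bytes it sends back.
def classify(first_bytes)
  return :no_reply if first_bytes.nil? || first_bytes.bytesize < 5
  return :plain_http if first_bytes.start_with?("HTTP/")

  hdr = tls_record_header(first_bytes)
  # TLS content types are 20..23 and the major version byte is 3.
  return :tls if (20..23).cover?(hdr[:type]) && hdr[:version][0] == 3

  :unknown
end

# Send a plain HTTP request and classify the answer. A plain listener
# replies "HTTP/..."; a TLS listener replies with an alert record or closes.
def probe(host, port)
  Socket.tcp(host, port, connect_timeout: 3) do |sock|
    sock.write("HEAD / HTTP/1.0\r\nHost: #{host}\r\n\r\n")
    next :no_reply unless IO.select([sock], nil, nil, 3)

    classify(sock.read(5))
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a status line a plain HTTP server might send
  # in answer to a TLS ClientHello it cannot parse.
  hdr = tls_record_header("HTTP/1.1 400 Bad Request\r\n")
  puts "'HTTP/' read as a TLS record header: #{hdr}"
  puts "declared length #{hdr[:length]} exceeds #{MAX_TLS_RECORD}: " \
       "#{hdr[:length] > MAX_TLS_RECORD}"
  # Optional live check, e.g.: ruby probe.rb localhost 3000
  puts probe(ARGV[0], ARGV[1].to_i) if ARGV.size == 2
end
```

A result of :plain_http on the port the browser is being redirected to over https means the listener has no TLS, which matches the "application starting in development on http://localhost:3000" line in the console output above.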