
Firefox OS TCPSocket API : SSL received a record that exceeded the maximum permissible length


Is it possible to turn off SSL cert verification in Firefox OS? I have a Geeksphone dev preview and am trying to make an IMAP client via the TCPSocket API, but the server cert is somehow invalid. I got this error:

SSL received a record that exceeded the maximum permissible length.
(Error Code: ssl_error_rx_record_too_long) 

My TCPSocket initialization is as follows:

var TCPSocket = navigator.mozTCPSocket.open(
        "mbp.telekom.de",
        993,
        {useSSL:'starttls'}
    );

When I try to connect to GMail or another account, everything works OK.

Is this really a server cert error or is it something else?

Thanks


Solution

  • Turning off the certificate verification is generally a bad idea and unlikely to help. The error says ssl_error_rx_record_too_long, and a record that is too long is just too long, whether you choose to accept any certificate or not. This type of error tends to be caused by a record that is "too long for SSL/TLS", that is, some message that isn't valid SSL/TLS at all.

    There are a few other problems here.

    You could in principle implement your IMAP client to upgrade the connection to SSL/TLS after using the STARTTLS command, but you'd need to be able to upgrade the same socket to SSL/TLS. I can't see anything in the TCPSocket documentation that would allow this (in the same way as SSLSocketFactory.createSocket(Socket, ...) does in Java, for example).

    EDIT:

    After a quick look at the TCPSocket.js source code, it seems that it does support starttls indeed, but this only makes sense with the undocumented upgradeToSecure method.

    You might be able to implement IMAP+STARTTLS this way: initiate a plain IMAP connection, and then upgrade to SSL/TLS with the STARTTLS command, as described in RFC 2595. This is normally done on port 143, but since your server is (rather incorrectly) configured for this on port 993, it should work there too.
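Why a non-TLS reply surfaces as "record too long", as an added example that is not part of the original question or answer: a TLS client reads the first five bytes it receives as a record header (type, version, 16-bit length), and ASCII text read that way yields a length above the TLS maximum. The IMAP greeting and the handshake header below are constructed samples, not captures from the server in the question, and `parseRecordHeader` and `ascii` are hypothetical helper names.

```javascript
// TLS record header: content type (1 byte), version (2 bytes), length (2 bytes, big-endian).
// RFC 5246 section 6.2.3 caps the ciphertext length at 2^14 + 2048 bytes.
const MAX_TLS_CIPHERTEXT = (1 << 14) + 2048; // 18432
const CONTENT_TYPES = new Set([20, 21, 22, 23]); // change_cipher_spec, alert, handshake, application_data

// Convert an ASCII string to bytes (helper for the constructed samples).
function ascii(s) {
  return Uint8Array.from(s, (c) => c.charCodeAt(0));
}

// Interpret the first bytes of a stream the way a TLS client would.
function parseRecordHeader(bytes) {
  if (bytes.length < 5) return { verdict: "incomplete" };
  const type = bytes[0];
  const length = (bytes[3] << 8) | bytes[4];
  const versionOk = bytes[1] === 3 && bytes[2] <= 4; // SSL 3.0 through TLS 1.3 record versions
  // Printable ASCII (or CR/LF) in all five header bytes suggests a text protocol banner.
  const plaintext = Array.from(bytes.slice(0, 5)).every(
    (b) => (b >= 0x20 && b <= 0x7e) || b === 0x0d || b === 0x0a
  );
  let verdict;
  if (length > MAX_TLS_CIPHERTEXT) verdict = "record_too_long";
  else if (!CONTENT_TYPES.has(type) || !versionOk) verdict = "not_tls";
  else verdict = "tls_record";
  return { type, length, verdict, plaintext };
}

// Constructed sample: a plaintext IMAP greeting, as sent by a server waiting for STARTTLS.
const greeting = parseRecordHeader(ascii("* OK IMAP4 ready\r\n"));
// Constructed sample: header of a TLS 1.2 handshake record carrying 74 bytes.
const handshake = parseRecordHeader(Uint8Array.of(0x16, 0x03, 0x03, 0x00, 0x4a));

console.log("greeting :", greeting);
console.log("handshake:", handshake);
```

In the greeting, the bytes `K` and space (0x4b, 0x20) land in the length field, giving 19232, which is above the 18432 limit; the `plaintext` flag is the hint that the peer is speaking the cleartext protocol and expects STARTTLS before any TLS handshake.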