web server at trac.roundcube.net is listening on port 443 without wrapping it in TLS (https)

[dkg]

It appears that the web server running at trac.roundcube.net is configured to listen to port 443 without providing TLS-wrapped transport. So connections to ​https://trac.roundcube.net/ fail with weird messages like:

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

It appears to be serving plaintext HTTP over the HTTPS port:

0 dkg@pip:~$ printf 'GET /does-not-exist HTTP/1.0\r\nHost: trac.roundcube.net\r\n\r\n' | nc trac.roundcube.net 443 | head
HTTP/1.1 404 Not Found
Date: Thu, 12 Apr 2012 21:02:00 GMT
Server: Apache/2.2.16 (Debian) DAV/2 SVN/1.6.12 mod_fcgid/2.3.6 PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o
Cache-Control: must-revalidate
Expires: Fri, 01 Jan 1999 00:00:00 GMT
Content-Length: 4004
Set-Cookie: trac_form_token=e46d0634de0db5d98c95f306; Path=/
Set-Cookie: trac_session=af83a4328a212aa2da06fb69; expires=Wed, 11-Jul-2012 21:02:00 GMT; Path=/
Connection: close
Content-Type: text/html;charset=utf-8
0 dkg@pip:~$ 

You should either configure and serve HTTPS (which would be great!) or you should stop the server from listening port 443.

Thanks for maintaining roundcube!

[adam]

Should be fixed now.

[dkg]

Thanks, that was quick!