Mattermost, Inc.

Troubleshooting: Token request failed - tls: oversized record received with length 20527

Always this error:
[EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=xxx uid= ip=xxx Token request failed [details: Post https://xxx.domain.com/oauth/token: tls: oversized record received with length 20527]

Also see: https://gitlab.com/gitlab-org/gitlab-mattermost/issues/43

Our self signed certificate (CA) was created with SHA512, also the one, that the reverse proxy used in front of gitlab and mattermost. And the oauth workflow was running over the official routing through the reverse proxy. I think, that could be a problem with mattermosts certificate/tls handling in combination with strong certificates like ours SHA512 bit.

Hi @manuel, does your setup work if you use a smaller self-signed certificate?

Hey @it33, I can’t test this with an 256bit certificate. Our reverse proxy is not under my control.
I thought you have an lab environment and can test this behavior with an 512bit cert!?

If your certificate was obtained from a major certificate authority (e.g. GoDaddy.com), its setup can be verified with publicly available tools.

If someone else generated the certificate for you via an internal certificate authority the first step is to verify that it’s working for systems other than Mattermost, whether 256 or 512.

Please see these troubleshooting steps and confirm with whoever provided the certificate that it can be successfully applied to another system and verified?

I must provide the mattermost service inside gitlab. But after upgrade to 8.3.x a 502 Error shown!?

@it33, please, please check and test a self signed 512bit cert with mattermast!
Can this really the error?