Yogesh Jilhawar

Reputation: 6323

curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I am trying to connect to my remote nginx server, which is configured to use SSL.

I fired a command

$ curl https://10.73.80.197:8080/

but after that I am getting an error. Here is the whole log:

* Hostname was NOT found in DNS cache
*   Trying 10.73.80.197...
* Connected to 10.73.80.197 (10.73.80.197) port 80 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Upvotes: 8

Views: 31486

Answers (2)

Jim Tough

Reputation: 15239

I encountered this today and in my case it was a misconfiguration in my nginx.conf file. My configuration contained something like this:

server {
    listen       443;
    listen       [::]:443;
    # Single underscore means 'matches any server name'
    server_name  _;
    root         /usr/share/nginx/html;

    # Only allow more recent (still secure) versions of TLS
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Explicitly set list of supported ciphers
    ssl_ciphers ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_certificate "/etc/pki/atmloader/server.crt";
    ssl_certificate_key "/etc/pki/atmloader/server.pem";

    # ...
}

but it should have looked like this:

server {
    listen       443 ssl;
    listen       [::]:443 ssl;
    # Single underscore means 'matches any server name'
    server_name  _;
    root         /usr/share/nginx/html;

    # Only allow more recent (still secure) versions of TLS
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Explicitly set list of supported ciphers
    ssl_ciphers ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_certificate "/etc/pki/atmloader/server.crt";
    ssl_certificate_key "/etc/pki/atmloader/server.pem";

    # ...
}

Notice the missing ssl in the listen parameter values.

A copy-and-paste mistake on my part when copying configuration that was originally created for a non-HTTPS port.

Upvotes: 1
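A small linter for the mistake described in the answer above, added here as an example (not code from the answer or from nginx): it lists `listen` directives that lack `ssl` inside `server` blocks that set `ssl_certificate`. The function names and the sample config are constructed for illustration, and the parser is a simplification that ignores `include` files and `#` or braces inside quoted strings.

```python
import re

# Constructed sample modelled on the answer's first (broken) server block;
# the second listen line is already fixed so both cases are exercised.
SAMPLE = """
server {
    listen       443;
    listen       [::]:443 ssl;
    server_name  _;
    ssl_certificate "/etc/pki/atmloader/server.crt";
    ssl_certificate_key "/etc/pki/atmloader/server.pem";
}
server {
    listen 80;   # plain HTTP on purpose, no certificate here
    server_name _;
}
"""

def server_blocks(conf):
    """Yield (line_of_opening_brace, body) for every `server { ... }` block."""
    # Naive comment stripping: a '#' inside a quoted string is not handled.
    text = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.end()) + 1, text[m.end():i - 1]

def plaintext_listens(conf):
    """Return [(line, listen_args)] for listen directives without `ssl`
    in server blocks that set ssl_certificate."""
    findings = []
    for brace_line, body in server_blocks(conf):
        if not re.search(r"\bssl_certificate\s", body):
            continue  # block does not configure TLS itself
        if re.search(r"\bssl\s+on\s*;", body):
            continue  # legacy `ssl on;` enables TLS for the whole block (older nginx)
        for m in re.finditer(r"\blisten\s+([^;]+);", body):
            args = m.group(1).split()
            if "ssl" not in args:
                line = brace_line + body.count("\n", 0, m.start())
                findings.append((line, " ".join(args)))
    return findings

if __name__ == "__main__":
    for line, args in plaintext_listens(SAMPLE):
        print(f"line {line}: 'listen {args};' has certificates configured but no 'ssl'")
```

A deliberate plain-HTTP listener in the same block (for example port 80 kept for redirects) is reported as well, so treat each finding as a line to review.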

Cyril Chaboisseau

Reputation: 478

As explained in several other articles:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Curl returns "Unknown protocol"

This kind of curl error is often the result of using a web proxy over https instead of http.

You should check your https_proxy env variable.

If you have something like

https://myproxy.example.com:8080/

then you should change it and set the following:

https_proxy=http://myproxy.example.com:8080/

Upvotes: 7
