4

Please consider two curl commands:

curl -v --ssl https://example.com

* About to connect() to example.com port 443 (#0)
*   Trying 10.20.30.40...
* connected
* Connected to example.com (10.20.30.40) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
* Closing connection #0
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

curl -v -3 --ssl https://example.com

 About to connect() to example.com port 443 (#0)
*   Trying 10.20.30.40...
* connected
* Connected to example.com (10.20.30.40) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*      subject: (certificate token etc.)
*      start date: 2013-03-24 12:59:13 GMT
*      expire date: 2014-03-28 05:41:38 GMT
*      subjectAltName: example.com matched
*      issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA
*      SSL certificate verify ok.
> GET /status.php HTTP/1.1
> User-Agent: curl/7.25.0 (x86_64-unknown-linux-gnu) libcurl/7.25.0 OpenSSL/0.9.8o zlib/1.2.7 libidn/1.15 libssh2/1.2.6
> Host: example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 23 Sep 2013 11:00:51 GMT
< Server: Apache
< Content-Length: 195
< Connection: close
< Content-Type: text/plain; charset=utf-8
<
(html there)
* Closing connection #0
* SSLv3, TLS alert, Client hello (1)

Parameters:

  • -v = verbose
  • --ssl = use SSL
  • -3 = use SSLv3

Question is: why such SSL23_GET_SERVER_HELLO:reason(1112) error? How to fix it? Is it the client or server (https server) issue?

I wouldn't mind to use curl with -3 parameter, but same problem appears when using PHP's file_get_contents() function. I know there are PHP's workarounds but I want to make things done properly.

Peter
  • 167
  • 1
  • 3
  • 16

1 Answers1

3

I found the issue

ServerName example.com:443

was missing in ssl.conf configuration

Peter
  • 167
  • 1
  • 3
  • 16
  • Great fix! Oddly, upgrading from OpenSSL 0.9.8y to 1.0.1g may also be a solution: http://stackoverflow.com/questions/22563509/unable-to-solve-this-error-error14077458ssl-routinesssl23-get-server-hellor/22766560#comment38619919_22766560 – Philip Durbin Jul 21 '14 at 18:07