6

I am trying to connect to my remote nginx server, which is configured to use SSL.

I fired a command:

$ curl https://10.73.80.197:8080/

But after that I am getting an error. Here is the whole log:

* Hostname was NOT found in DNS cache
*   Trying 10.73.80.197...
* Connected to 10.73.80.197 (10.73.80.197) port 80 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unni Kris
Yogesh Jilhawar
  • Are you sure that your server is configured to use SSL at port 8080? This is a port typically associated with HTTP only (i.e. no SSL). Have you tried with a web browser? – Steffen Ullrich Sep 03 '15 at 10:46
  • yah..... here is my /etc/nginx/sites-enabled/docker-registry file # For versions of Nginx > 1.3.9 that include chunked transfer encoding support # Replace with appropriate values where necessary upstream docker-registry { server localhost:5000; } server { listen 8080; server_name gslab.dockerregistry.com; ssl on; ssl_certificate /etc/ssl/certs/gslab-docker-registry.com.crt; ssl_certificate_key /etc/ssl/private/gslab-docker-registry.com.key; ................... – Yogesh Jilhawar Sep 04 '15 at 05:42
  • Hello Steffen, I am following the article at https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04. The problem is solved. I checked the firewall configuration on the server and allowed port 8080 by using ufw commands. Now it's fine and in a working state. Thanks for your reply. – Yogesh Jilhawar Sep 04 '15 at 05:53

2 Answers

7

As explained in several other articles:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Curl returns "Unknown protocol"

This kind of curl error is often the result of using a web proxy over https instead of http.

You should check your https_proxy env variable.

If you have something like

https://myproxy.example.com:8080/

then you should change it and set the following:

https_proxy=http://myproxy.example.com:8080/

0

I encountered this today and in my case it was a misconfiguration in my nginx.conf file. My configuration contained something like this:

server {
    listen       443;
    listen       [::]:443;
    # Single underscore means 'matches any server name'
    server_name  _;
    root         /usr/share/nginx/html;

    # Only allow more recent (still secure) versions of TLS
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Explicitly set list of supported ciphers
    ssl_ciphers ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_certificate "/etc/pki/atmloader/server.crt";
    ssl_certificate_key "/etc/pki/atmloader/server.pem";

    # ...
}

but it should have looked like this:

server {
    listen       443 ssl;
    listen       [::]:443 ssl;
    # Single underscore means 'matches any server name'
    server_name  _;
    root         /usr/share/nginx/html;

    # Only allow more recent (still secure) versions of TLS
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Explicitly set list of supported ciphers
    ssl_ciphers ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:DH+3DES:!ADH:!AECDH:!MD5;

    ssl_certificate "/etc/pki/atmloader/server.crt";
    ssl_certificate_key "/etc/pki/atmloader/server.pem";

    # ...
}

Notice the missing ssl in the listen parameter values.

A copy-and-paste mistake on my part when copying configuration that was originally created for a non-HTTPS port.

Jim Tough
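
A configuration check for the mistake described in the answer above, as an added example that is not part of the original answers: it flags `listen` directives without the `ssl` parameter in server blocks that configure `ssl_certificate`. The sample config, its placeholder certificate paths and the function names are constructed for illustration, and each server block is judged in isolation (an assumption of this sketch).

```python
import re

# Constructed sample, modelled on the server blocks in the answer above
# (certificate paths are placeholders).
SAMPLE_CONF = """
upstream backend { server localhost:5000; }
server {
    listen       443;              # plaintext: 'ssl' parameter missing
    listen       [::]:443 ssl;
    server_name  _;
    ssl_certificate     /etc/pki/example/server.crt;
    ssl_certificate_key /etc/pki/example/server.pem;
    location / { root /usr/share/nginx/html; }
}
server {
    listen 8080;
    ssl on;                        # older block-wide switch
    ssl_certificate /etc/pki/example/server.crt;
}
server { listen 80; server_name _; }
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_listeners(conf):
    """Return (block_number, listen_args) for listeners that will speak plain
    HTTP although their server block configures a certificate."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    findings = []
    for n, body in enumerate(server_blocks(conf), start=1):
        has_cert = re.search(r"\bssl_certificate\s", body)
        ssl_on = re.search(r"\bssl\s+on\s*;", body)
        if not has_cert or ssl_on:
            continue                               # no TLS intended, or enabled block-wide
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            if "ssl" not in args.split():
                findings.append((n, " ".join(args.split())))
    return findings

if __name__ == "__main__":
    for n, args in plaintext_listeners(SAMPLE_CONF):
        print(f"server block {n}: 'listen {args}' has no ssl parameter")
```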