Menu
Even though there's a lot of results on Google none of them seem to give an answer. I have a Debian box where I do this:
# curl https://localhost/api/v1/status --verbose * About to connect() to localhost port 443 (#0) * Trying ::1... * connected * Connected to localhost (::1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Closing connection #0 curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol I can't get passed the unknown protocol thing. I've tried -ssl -sslv3 but they get me nowhere. Actually, -sslv3 gets me slightly different results:
s# curl https://localhost/api/v1/status --verbose -sslv3 * About to connect() to localhost port 443 (#0) * Trying ::1... * connected * Connected to localhost (::1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS alert, Server hello (2): * error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number * Closing connection #0 My virtualhost is configured as thus (fragment):
SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/apache2/ssl.key/xxx/ssl.cert SSLCertificateKeyFile /etc/apache2/ssl.key/xxx/xxx.xxx.key # Server Certificate Chain: SSLCertificateChainFile /etc/apache2/ssl.key/sub.class1.server.ca.pem # Certificate Authority (CA): SSLCACertificateFile /etc/apache2/ssl.key/ca.pem <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown Any help would be highly appreciated.
edit: Update I think I found my own problem!
The Virtual Host was bound to the external interface, and curl was trying to connect over localhost. So it never ended up at the configured virtual host.
To fix this, I have created a new VirtualHost entry bound to 127.0.0.1:80 that only allows connections from localhost. For my purposes, that is enough.
857
The cURL error 35 can appear when the cURL function cannot connect to your website using SSL. Curl often uses a different set of certificates, shipped with PHP. There are several things that can cause this problem, in most cases updating both cURL and PHP to a newer version will resolve this issue.
If you see an error like this: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol , it could be due to you typing the hostname incorrectly or the hostname is not yet tabled in your DNS. You can verify that with a simple "host" or "nslookup".
In short, the cURL error code 35 denotes an SSL connection error. The error can be due to an outdated cURL package, connection errors, or else a version mismatch between the PHP cURL and SSL protocol of the end server.
Although it is not the case of the OP, the error "Unknown protocol" in cURL appears when you accidentally trying to call HTTP server using HTTPS, usually during local development.
Just mentioning it in case someone Googles this error and lands here.
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
