$ curl -I https://9.185.173.135
curl: (35) Unknown SSL protocol error in connection to 9.185.173.135:443
This is an secured page that I need to access. But I don’t know how to obtain its certificate file. I tried to use Firefox, but it says couldn’t get any ssl certificate once the url is entered.
$ curl -I http://9.185.173.135
HTTP/1.1 200 OK
Content-Length: 686
Content-Type: text/html
Content-Location: http://9.185.173.135/Default.htm
Last-Modified: Mon, 16 Mar 2009 05:05:38 GMT
Accept-Ranges: bytes
ETag: "a851dbd8f4a5c91:d41"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 13 Jul 2010 04:09:35 GMT
The server is definitely reachable from my laptop. Once I get the certificate file, I assume I can then import it to Firefox and then use my credentials to pass the authentication (I already got the username/password).
Sorry I am no expert in security at all. Is there anything else I can try?
Many thanks in advance.
asked Jul 13, 2010 at 4:11
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
4
try this
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); // Force SSLv3 to fix Unknown SSL Protocol error
answered Jun 5, 2013 at 11:44
4
To Rudi : Thanks for the hint, that tells me a hell lot of info.
Somehow the admin of the secured page «refreshes» the state of certifications every day. So although I got blocked from accessing it yesterday, it generously lets me to grab another certificate and add it to the exception list of Firefox.
So everything is working, and I really learn something from yesterday’s experience.
answered Jul 13, 2010 at 22:43
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
You can use --tlsv1 option to solve the issue in case the curl version is below 7.34
curl -I --tlsv1 https://9.185.173.135
answered Jul 16, 2019 at 6:21
1
In my case on a AIX VM also this problem, use --cacert to specific a cacert.pem
curl --cacert /var/ssl/cacert.pem https://localhost:3000
edbighead
4,9675 gold badges27 silver badges34 bronze badges
answered Jun 5, 2020 at 8:01
1
I got the same error when running curl/httpie against a Tomcat server on my localhost deployed from Eclipse. It turns out that default server.xml deployed by Eclipse disables https. Specifically, the section below is commented out in server.xml.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
After uncommenting it out and adding the two keystore parameters, the curl command starts working (with —insecure option if the certificate is self-signed).
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
keystoreFile="/path/to/your/keystore"
keystorePass="yourpass" />
answered Aug 17, 2016 at 20:22
Big PumpkinBig Pumpkin
3,5471 gold badge25 silver badges18 bronze badges
i have some solutions that fix the issue for me:
1] try update your curl/php/apache [ yum update ]
2] restart apache
Those worked for me!
answered Oct 19, 2017 at 8:06
mr.baby123mr.baby123
2,16822 silver badges12 bronze badges
I had the same error after updating my SSL certificate on the target SSL site.
My source OS was Centos 6 and updating to a new curl version solved it.
*Note I was already using the curl -k (insecure option) but I would still get that error. Essentially this error is caused by nss or openssl being out of date.
yum -y install curl nss openssl
Remember if you have a web application like PHP calling curl you will need to restart Apache to make the update take effect.
I’ve updated based on this guide: http://realtechtalk.com/curl_35_Unknown_SSL_protocol_error_in_connection_Solution_Centos-1988-articles
answered Apr 26, 2016 at 21:37
I had a similar issue:
curl https://localhost:3000
...
curl: (35) Unknown SSL protocol error in connection to localhost:-9847
(not sure where that number -9847came from since I requested port 3000)
fix: turns out my server on port 3000 was running «http» not «https» go figure.
answered Oct 4, 2018 at 6:04
rogerdpackrogerdpack
60.4k35 gold badges259 silver badges379 bronze badges
$ curl -I https://9.185.173.135
curl: (35) Unknown SSL protocol error in connection to 9.185.173.135:443
This is an secured page that I need to access. But I don’t know how to obtain its certificate file. I tried to use Firefox, but it says couldn’t get any ssl certificate once the url is entered.
$ curl -I http://9.185.173.135
HTTP/1.1 200 OK
Content-Length: 686
Content-Type: text/html
Content-Location: http://9.185.173.135/Default.htm
Last-Modified: Mon, 16 Mar 2009 05:05:38 GMT
Accept-Ranges: bytes
ETag: "a851dbd8f4a5c91:d41"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 13 Jul 2010 04:09:35 GMT
The server is definitely reachable from my laptop. Once I get the certificate file, I assume I can then import it to Firefox and then use my credentials to pass the authentication (I already got the username/password).
Sorry I am no expert in security at all. Is there anything else I can try?
Many thanks in advance.
asked Jul 13, 2010 at 4:11
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
4
try this
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); // Force SSLv3 to fix Unknown SSL Protocol error
answered Jun 5, 2013 at 11:44
4
To Rudi : Thanks for the hint, that tells me a hell lot of info.
Somehow the admin of the secured page «refreshes» the state of certifications every day. So although I got blocked from accessing it yesterday, it generously lets me to grab another certificate and add it to the exception list of Firefox.
So everything is working, and I really learn something from yesterday’s experience.
answered Jul 13, 2010 at 22:43
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
You can use --tlsv1 option to solve the issue in case the curl version is below 7.34
curl -I --tlsv1 https://9.185.173.135
answered Jul 16, 2019 at 6:21
1
In my case on a AIX VM also this problem, use --cacert to specific a cacert.pem
curl --cacert /var/ssl/cacert.pem https://localhost:3000
edbighead
4,9675 gold badges27 silver badges34 bronze badges
answered Jun 5, 2020 at 8:01
1
I got the same error when running curl/httpie against a Tomcat server on my localhost deployed from Eclipse. It turns out that default server.xml deployed by Eclipse disables https. Specifically, the section below is commented out in server.xml.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
After uncommenting it out and adding the two keystore parameters, the curl command starts working (with —insecure option if the certificate is self-signed).
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
keystoreFile="/path/to/your/keystore"
keystorePass="yourpass" />
answered Aug 17, 2016 at 20:22
Big PumpkinBig Pumpkin
3,5471 gold badge25 silver badges18 bronze badges
i have some solutions that fix the issue for me:
1] try update your curl/php/apache [ yum update ]
2] restart apache
Those worked for me!
answered Oct 19, 2017 at 8:06
mr.baby123mr.baby123
2,16822 silver badges12 bronze badges
I had the same error after updating my SSL certificate on the target SSL site.
My source OS was Centos 6 and updating to a new curl version solved it.
*Note I was already using the curl -k (insecure option) but I would still get that error. Essentially this error is caused by nss or openssl being out of date.
yum -y install curl nss openssl
Remember if you have a web application like PHP calling curl you will need to restart Apache to make the update take effect.
I’ve updated based on this guide: http://realtechtalk.com/curl_35_Unknown_SSL_protocol_error_in_connection_Solution_Centos-1988-articles
answered Apr 26, 2016 at 21:37
I had a similar issue:
curl https://localhost:3000
...
curl: (35) Unknown SSL protocol error in connection to localhost:-9847
(not sure where that number -9847came from since I requested port 3000)
fix: turns out my server on port 3000 was running «http» not «https» go figure.
answered Oct 4, 2018 at 6:04
rogerdpackrogerdpack
60.4k35 gold badges259 silver badges379 bronze badges
What if your cURL requests cannot connect your Website using SSL, isn’t it frustrating?
Usually, PHP cURL SSL connect error 35 occur due to version mismatch or outdated cURL package.
At Bobcares, we often get requests to fix SSL cURL errors, as a part of our Server Management Services.
Today, let’s see how our Support Engineers fix PHP cURL SSL connect error 35 for our customers.
What is PHP curl SSL connect error 35?
Before getting deeper into the error, firstly let’s understand what is PHP cURL.
cURL stands for Client for URL. Usually, PHP uses cURL to connect to the specified website URL. Here we are discussing cURL request to an SSL website.
In many situations, when a server tries to connect to an SSL website, the cURL request ends up in an error message.
cURL error (35): SSL connect error.The error message denotes that there is an error somewhere in SSL/TLS handshake. In short, the cURL error code 35 denotes an SSL connection error.
The error can be due to an outdated cURL package, connection errors or else a version mismatch between the PHP cURL and SSL protocol of the end server.
A sample error at a Drupal website will show up as:
How we fix the PHP cURL SSL connect error?
So far, we have seen what is PHP cURL SSL connect error. Our Dedicated Engineers with expertise over a decade usually fix this error for our customers.
As the first step of troubleshooting, we check the webserver log.
It gives a detailed summary of all the SSL/TLS handshakes. From this data, our experts find the exact reason for the timeout.
1. SSL protocol of destination site
In most cases, errors will be with the PHP cURL versions in the server.
For instance, the command-line cURL may be using the latest version and the SSL protocol may be outdated.
Meanwhile, if the server tries to connect to an endpoint with an older SSL protocol, it fails and ends up in cURL error 35. This is particularly applicable with outdated SSL protorcols like SSLv2, SSLv3.
So, we check the versions of the cURL and SSL protocol. Later, if there is any version mismatch, our Support Engineers update it to the latest.
2. Outdated cURL package
Similarly, an outdated cURL package in the servers shows up the SSL connect error. In this case, our Support Engineers check the cURL version in the server.
rpm -qa | grep curlThis command gives the currently used cURL version in the server.
Later, we update the cURL package to the latest version. After that, we update the Network Security Services (NSS) package on the server using:
yum update -y nssThis fixes the package and the error does not show up again.
3. Customizing cURL configuration
Some customers customize the cURL settings on the server. However, improper setting of the PHP cURL configuration file leads to error 35.
In such cases, our Support Team check the configuration file and correct it.
Here, we first confirm the availability of cURL module support for PHP with the command:
php -i | grep -i curlFor example, the correct settings appear as:
/etc/php.d/curl.ini,
curl
cURL support => enabled
cURL Information => 7.66.0We also ensure that the website uses the correct PHP version with cURL support.
4. Firewall restrictions
In many cases, the cURL SSL error can happen due to firewall restrictions on the server too. For example, when network administrators ban SSL connections, none of the data transactions to or from the server happens.
Thus, we always check the firewall on the server and ensure that the server accepts SSL port connections from selected APIs and networks.
[Still having trouble in fixing PHP cURL SSL connect error? – We’ll fix it for you.]
Conclusion
In short, PHP cURL SSL connect error 35 usually occur due to version mismatch of cURL and SSL, outdated cURL package, firewall restrictions and so on. Today, we also saw how our Support Engineers fix this error for our customers.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
[root@vagrant-centos65 you-get]# curl -v https://api.xxx.cn * About to connect() to api.xxx.cn port 443 (#0) * Trying 123.xxx.xx.xx... connected * Connected to api.xxx.cn (123.xxx.xx.xx) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 * Closing connection #0 * SSL connect error curl: (35) SSL connect error [root@vagrant-centos65 you-get]# curl --version curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
asked Apr 22, 2016 at 7:18
If updating cURL doesn’t fix it, updating NSS should do the trick.
mwfearnley
3,1372 gold badges31 silver badges35 bronze badges
answered Dec 1, 2016 at 18:35
4
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
You are using a very old version of curl.
My guess is that you run into the bug described 6 years ago. Fix is to update your curl.
answered Apr 22, 2016 at 9:05
Steffen UllrichSteffen Ullrich
110k10 gold badges129 silver badges167 bronze badges
1
If you are using curl versions curl-7.19.7-46.el6.x86_64 or older. Please provide an option as -k1 (small K1).
answered Feb 3, 2017 at 13:47
1
$ curl -I https://9.185.173.135
curl: (35) Unknown SSL protocol error in connection to 9.185.173.135:443
This is an secured page that I need to access. But I don’t know how to obtain its certificate file. I tried to use Firefox, but it says couldn’t get any ssl certificate once the url is entered.
$ curl -I http://9.185.173.135
HTTP/1.1 200 OK
Content-Length: 686
Content-Type: text/html
Content-Location: http://9.185.173.135/Default.htm
Last-Modified: Mon, 16 Mar 2009 05:05:38 GMT
Accept-Ranges: bytes
ETag: "a851dbd8f4a5c91:d41"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 13 Jul 2010 04:09:35 GMT
The server is definitely reachable from my laptop. Once I get the certificate file, I assume I can then import it to Firefox and then use my credentials to pass the authentication (I already got the username/password).
Sorry I am no expert in security at all. Is there anything else I can try?
Many thanks in advance.
asked Jul 13, 2010 at 4:11
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
4
try this
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); // Force SSLv3 to fix Unknown SSL Protocol error
answered Jun 5, 2013 at 11:44
4
To Rudi : Thanks for the hint, that tells me a hell lot of info.
Somehow the admin of the secured page «refreshes» the state of certifications every day. So although I got blocked from accessing it yesterday, it generously lets me to grab another certificate and add it to the exception list of Firefox.
So everything is working, and I really learn something from yesterday’s experience.
answered Jul 13, 2010 at 22:43
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
You can use --tlsv1 option to solve the issue in case the curl version is below 7.34
curl -I --tlsv1 https://9.185.173.135
answered Jul 16, 2019 at 6:21
1
In my case on a AIX VM also this problem, use --cacert to specific a cacert.pem
curl --cacert /var/ssl/cacert.pem https://localhost:3000
edbighead
4,9675 gold badges27 silver badges34 bronze badges
answered Jun 5, 2020 at 8:01
1
I got the same error when running curl/httpie against a Tomcat server on my localhost deployed from Eclipse. It turns out that default server.xml deployed by Eclipse disables https. Specifically, the section below is commented out in server.xml.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
After uncommenting it out and adding the two keystore parameters, the curl command starts working (with —insecure option if the certificate is self-signed).
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
keystoreFile="/path/to/your/keystore"
keystorePass="yourpass" />
answered Aug 17, 2016 at 20:22
Big PumpkinBig Pumpkin
3,5471 gold badge25 silver badges18 bronze badges
i have some solutions that fix the issue for me:
1] try update your curl/php/apache [ yum update ]
2] restart apache
Those worked for me!
answered Oct 19, 2017 at 8:06
mr.baby123mr.baby123
2,16822 silver badges12 bronze badges
I had the same error after updating my SSL certificate on the target SSL site.
My source OS was Centos 6 and updating to a new curl version solved it.
*Note I was already using the curl -k (insecure option) but I would still get that error. Essentially this error is caused by nss or openssl being out of date.
yum -y install curl nss openssl
Remember if you have a web application like PHP calling curl you will need to restart Apache to make the update take effect.
I’ve updated based on this guide: http://realtechtalk.com/curl_35_Unknown_SSL_protocol_error_in_connection_Solution_Centos-1988-articles
answered Apr 26, 2016 at 21:37
I had a similar issue:
curl https://localhost:3000
...
curl: (35) Unknown SSL protocol error in connection to localhost:-9847
(not sure where that number -9847came from since I requested port 3000)
fix: turns out my server on port 3000 was running «http» not «https» go figure.
answered Oct 4, 2018 at 6:04
rogerdpackrogerdpack
60.4k35 gold badges259 silver badges379 bronze badges
$ curl -I https://9.185.173.135
curl: (35) Unknown SSL protocol error in connection to 9.185.173.135:443
This is an secured page that I need to access. But I don’t know how to obtain its certificate file. I tried to use Firefox, but it says couldn’t get any ssl certificate once the url is entered.
$ curl -I http://9.185.173.135
HTTP/1.1 200 OK
Content-Length: 686
Content-Type: text/html
Content-Location: http://9.185.173.135/Default.htm
Last-Modified: Mon, 16 Mar 2009 05:05:38 GMT
Accept-Ranges: bytes
ETag: "a851dbd8f4a5c91:d41"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 13 Jul 2010 04:09:35 GMT
The server is definitely reachable from my laptop. Once I get the certificate file, I assume I can then import it to Firefox and then use my credentials to pass the authentication (I already got the username/password).
Sorry I am no expert in security at all. Is there anything else I can try?
Many thanks in advance.
asked Jul 13, 2010 at 4:11
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
4
try this
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); // Force SSLv3 to fix Unknown SSL Protocol error
answered Jun 5, 2013 at 11:44
4
To Rudi : Thanks for the hint, that tells me a hell lot of info.
Somehow the admin of the secured page «refreshes» the state of certifications every day. So although I got blocked from accessing it yesterday, it generously lets me to grab another certificate and add it to the exception list of Firefox.
So everything is working, and I really learn something from yesterday’s experience.
answered Jul 13, 2010 at 22:43
Michael MaoMichael Mao
9,70823 gold badges75 silver badges91 bronze badges
You can use --tlsv1 option to solve the issue in case the curl version is below 7.34
curl -I --tlsv1 https://9.185.173.135
answered Jul 16, 2019 at 6:21
1
In my case on a AIX VM also this problem, use --cacert to specific a cacert.pem
curl --cacert /var/ssl/cacert.pem https://localhost:3000
edbighead
4,9675 gold badges27 silver badges34 bronze badges
answered Jun 5, 2020 at 8:01
1
I got the same error when running curl/httpie against a Tomcat server on my localhost deployed from Eclipse. It turns out that default server.xml deployed by Eclipse disables https. Specifically, the section below is commented out in server.xml.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
After uncommenting it out and adding the two keystore parameters, the curl command starts working (with —insecure option if the certificate is self-signed).
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
keystoreFile="/path/to/your/keystore"
keystorePass="yourpass" />
answered Aug 17, 2016 at 20:22
Big PumpkinBig Pumpkin
3,5471 gold badge25 silver badges18 bronze badges
i have some solutions that fix the issue for me:
1] try update your curl/php/apache [ yum update ]
2] restart apache
Those worked for me!
answered Oct 19, 2017 at 8:06
mr.baby123mr.baby123
2,16822 silver badges12 bronze badges
I had the same error after updating my SSL certificate on the target SSL site.
My source OS was Centos 6 and updating to a new curl version solved it.
*Note I was already using the curl -k (insecure option) but I would still get that error. Essentially this error is caused by nss or openssl being out of date.
yum -y install curl nss openssl
Remember if you have a web application like PHP calling curl you will need to restart Apache to make the update take effect.
I’ve updated based on this guide: http://realtechtalk.com/curl_35_Unknown_SSL_protocol_error_in_connection_Solution_Centos-1988-articles
answered Apr 26, 2016 at 21:37
I had a similar issue:
curl https://localhost:3000
...
curl: (35) Unknown SSL protocol error in connection to localhost:-9847
(not sure where that number -9847came from since I requested port 3000)
fix: turns out my server on port 3000 was running «http» not «https» go figure.
answered Oct 4, 2018 at 6:04
rogerdpackrogerdpack
60.4k35 gold badges259 silver badges379 bronze badges
Comments
bagder
added a commit
that referenced
this issue
Nov 12, 2018
bagder
added a commit
that referenced
this issue
Nov 13, 2018
bagder
added a commit
that referenced
this issue
Dec 2, 2018
Reported-by: Paul Howarth
Fixes #3261
pghmcfc
added a commit
to pghmcfc/curl
that referenced
this issue
Dec 3, 2018
NSS may be built without support for the latest SSL/TLS versions,
leading to "SSL version range is not valid" errors when the library
code supports a recent version (e.g. TLS v1.3) but it has explicitly
been disabled.
This change adjusts the maximum SSL version requested by libcurl to
be the maximum supported version at runtime, as long as that version
is at least as high as the minimum version required by libcurl.
Fixes curl#3261
pghmcfc
added a commit
to pghmcfc/curl
that referenced
this issue
Dec 4, 2018
NSS may be built without support for the latest SSL/TLS versions,
leading to "SSL version range is not valid" errors when the library
code supports a recent version (e.g. TLS v1.3) but it has explicitly
been disabled.
This change adjusts the maximum SSL version requested by libcurl to
be the maximum supported version at runtime, as long as that version
is at least as high as the minimum version required by libcurl.
Fixes curl#3261
lock
bot
locked as resolved and limited conversation to collaborators
Mar 5, 2019