curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Solution 1
* Uses proxy env variable http_proxy == 'https://proxy.in.tum.de:8080' ^^^^^
The https://
is wrong, it should be http://
. The proxy itself should be accessed by HTTP and not HTTPS even though the target URL is HTTPS. The proxy will nevertheless properly handle HTTPS connection and keep the end-to-end encryption. See HTTP CONNECT method for details how this is done.
Solution 2
If anyone is getting this error using Nginx, try adding the following to your server config:
server {
listen 443 ssl;
...
}
The issue stems from Nginx serving an HTTP server to a client expecting HTTPS on whatever port you're listening on. When you specify ssl
in the listen
directive, you clear this up on the server side.
Solution 3
Simple answer
If you are behind a proxy server, please set the proxy for curl. The curl is not able to connect to server so it shows wrong version number. Set proxy by opening subl ~/.curlrc or use any other text editor. Then add the following line to file:
proxy= proxyserver:proxyport
For e.g. proxy = 10.8.0.1:8080
If you are not behind a proxy, make sure that the curlrc file does not contain the proxy settings.
Solution 4
This is a telltale error that you are serving HTTP from the HTTPS port.
You can easily test with telnet
telnet FQDN 443
GET / HTTP/1.0
[hit return twice]
and if you see regular HTTP document here [not some kind of error], you know that your configuration is incorrect and the responding server is not SSL encrypting the response.
Solution 5
Also check your /etc/hosts
file. Wasted 2 hours on this. If you have an url rerouted to 127.0.0.1 or any other loopback, this will fail the ssl handshake.
Related videos on Youtube
![Bernhard Jaeger](https://i.stack.imgur.com/S0Oau.jpg?s=256&g=1)
Bernhard Jaeger
I study Master Computer Science at the University of Tübingen. My main points of interests are Machine Learning, Computer Vision and Computer Graphics.
Updated on May 02, 2022Comments
-
Bernhard Jaeger about 2 years
When I try to connect to any server (e.g. google.com) using curl (or libcurl) I get the error message:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Verbose output:
$ curl www.google.com --verbose * Rebuilt URL to: www.google.com/ * Uses proxy env variable no_proxy == 'localhost,127.0.0.1,localaddress,.localdomain.com' * Uses proxy env variable http_proxy == 'https://proxy.in.tum.de:8080' * Trying 131.159.0.2... * TCP_NODELAY set * Connected to proxy.in.tum.de (131.159.0.2) port 8080 (#0) * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * error:1408F10B:SSL routines:ssl3_get_record:wrong version number * Closing connection 0 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number'
For some reason curl seems to use TLSv1.3 even if I force it to use TLSv1.2 with the command --tlsv1.2 (it will still print TLSv1.3 (OUT), ..." I am using the newest version of both Curl and OpenSSL :
$ curl -V curl 7.61.0-DEV (x86_64-pc-linux-gnu) libcurl/7.61.0-DEV OpenSSL/1.1.1 zlib/1.2.8 Release-Date: [unreleased] Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
I think this is a problem related to my installation of the programms. Can somebody explain to me what this error message means?
-
tedyyu over 2 yearsWhy exposing your real proxy
-
-
Dr.X about 5 yearsif you have this error in Docker, exposing port 443 to public fixed this problem
-
normic almost 4 yearsthx, this led me to the solution, simply missed the 'ssl' in the mentioned nginx config line
-
arturas about 3 yearsssl was an issue for me too
-
akostadinov over 2 yearsFunny thing. This helped me understand that a site was blocked in Ukraine. After reading this answer I did
curl http://siteiwouldnotmention.com:443/
and I saw the message that site was intentionally blocked. -
AnthonyT about 2 yearsThis also worked for me, thanks!
-
Mijo about 2 yearsSaved me with traffic server, where I forgot to add SSL after the port 443 in records.config.
-
P.D almost 2 yearsIf see this error when you push code to git, delete the HTTPS_PROXY from environment variables. There is an option to add this in intellij via HTTP Porxy Settings for local testing.