error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
It appears there is no SSL/TLS server listening on 10.0.10.90:50060. There is a server listening, it's just not SSL/TLS.
I can duplicate it when connecting to my gateway over port 80 (rather than 443).
$ openssl s_client -connect 192.168.1.1:80
CONNECTED(00000003)
140735109476828:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
And if you use the -debug flag, you will see the HTTP in the response that OpenSSL is trying to interpret as SSL/TLS protocol data:
$ openssl s_client -connect 192.168.1.1:80 -debug
CONNECTED(00000003)
write to 0x7fbf58422b90 [0x7fbf58811800] (348 bytes => 348 (0x15C))
0000 - 16 03 01 01 57 01 00 01-53 03 03 64 1d 01 29 f0 ....W...S..d..).
...
0150 - 03 02 01 02 02 02 03 00-0f 00 01 01 ............
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e HTTP/1.
140735203164636:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
Saurabh Gokhale
Updated on July 23, 2022
Comments
-
Saurabh Gokhale almost 2 years
I'm currently trying to test the implemented changes for achieving security with Encrypted Shuffle in Cloudera Hadoop Environment.
I've created the certificates and keystores and kept them in appropriate locations.
I'm testing TaskTracker's HTTPS port of 50060.
When I do a curl on that port, I get below error response.
ubuntu@node2:~$ curl -v -k "https://10.0.10.90:50060"
* About to connect() to 10.0.10.90 port 50060 (#0)
* Trying 10.0.10.90... connected
* successfully set certificate verify locations:
* CAfile: none CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
When I did check with the OpenSSL client, I got the below response:
ubuntu@node2:~$ openssl s_client -connect 10.0.10.90:50060
CONNECTED(00000003)
139749924464288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I'm not able to figure out what might be causing this issue?
Is there something that I'm missing?
PS: I've updated the ca-certificates.crt file and also kept the server.crt file under /usr/share/ca-certificates/mozilla
-
func0der over 8 years
I had this issue with my apache server. The access logs told me something like this:
my.host.com:80 [IPv6_address] - - [24/Jan/2016:00:29:23 +0100] "\x16\x03\x01\x02" 400 0 "-" "-"
or
my.host.com:443 [IPv6_address] - - [24/Jan/2016:00:29:23 +0100] "\x16\x03\x01\x02" 400 0 "-" "-"
which I found very odd. But the answer was right in there: the IPv6 address which the clients used to connect. Why? I do not know. But your answer gave me the final hint: No one was listening for them. So no match here.
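Both the -debug dump in the answer and the Apache access-log line in the comment are diagnosed by reading the first bytes on the wire. The following is an added example, not code from any of the posts: the function names are hypothetical, and the sample bytes are copied from the dump and the log line above.

```python
import re

# TLS record content types: the first byte of every TLS record (RFC 5246, 6.2.1)
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Samples taken from the page: start of the ClientHello written by s_client,
# the 7 bytes it read back, and the request field from the Apache access log.
SENT_SAMPLE = bytes.fromhex("16030101570100015303 03".replace(" ", ""))
RECEIVED_SAMPLE = bytes.fromhex("485454502f312e")
LOG_SAMPLE = r"\x16\x03\x01\x02"


def unescape_log_bytes(field: str) -> bytes:
    """Turn an escaped access-log field (\\x16\\x03...) back into raw bytes."""
    decoded = re.sub(r"\\x([0-9a-fA-F]{2})",
                     lambda m: chr(int(m.group(1), 16)), field)
    return decoded.encode("latin-1")


def classify_first_bytes(data: bytes) -> str:
    """Guess which protocol produced the first bytes seen on a connection."""
    if data.startswith(b"HTTP/"):
        return "plaintext HTTP response"
    if data.startswith(HTTP_METHODS):
        return "plaintext HTTP request"
    # TLS record header: content type, version major 0x03, minor 0x00-0x04
    if (len(data) >= 3 and data[0] in TLS_CONTENT_TYPES
            and data[1] == 0x03 and data[2] <= 0x04):
        return "TLS record (%s)" % TLS_CONTENT_TYPES[data[0]]
    return "unknown"


def diagnose(sent: bytes, received: bytes) -> str:
    """Explain a failed handshake from what was written and what came back."""
    s, r = classify_first_bytes(sent), classify_first_bytes(received)
    if s.startswith("TLS") and r.startswith("plaintext HTTP"):
        return "TLS client reached a plaintext HTTP listener"
    if s.startswith("TLS") and r.startswith("TLS"):
        return "both sides speak TLS"
    return "sent %s, received %s" % (s, r)


if __name__ == "__main__":
    print(diagnose(SENT_SAMPLE, RECEIVED_SAMPLE))
    print(classify_first_bytes(unescape_log_bytes(LOG_SAMPLE)))
```

A `TLS record (alert)` reply, by contrast, means the listener does speak TLS and rejected the handshake, which points at protocol version or cipher configuration rather than a plaintext port.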