SSL Error on HTTP POST (Unknown Protocol)
Specifying the port when creating the HTTP client fixed this problem.
http = Net::HTTP.new(API_URI.host, API_URI.port)
or
http = Net::HTTP.new(API_URI.host, 443)
What does Unknown SSL protocol error mean?
That usually means the remote server did not provide a SSL/TLS response. Rather, the remove server sent a web page in response to the ClientHello
and the local client tried to interpret the HTML as a ServerHello
.
You can simulate it with openssl s_client -connect www.google.com:80
. In this example, port 80 will clearly get you a web page rather than a ServerHello
. The line of interest is the one that begins with read from ...
.
$ openssl s_client -connect www.google.com:80 -debug
CONNECTED(00000003)
write to 0x7fe933c22a70 [0x7fe934013600] (308 bytes => 308 (0x134))
0000 - 16 03 01 01 2f 01 00 01-2b 03 03 2e 0b 3b 5f 7a ..../...+....;_z
...
0120 - 02 04 03 03 01 03 02 03-03 02 01 02 02 02 03 00 ................
0130 - 0f 00 01 01 ....
read from 0x7fe933c22a70 [0x7fe934018c00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e HTTP/1.
140735324471772:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Unknown SSL protocol error in connection
According to bitbucket knowledgebase it may also be caused by the owner of the repository being over the plan limit.
If you look further down the page it seems to also be possible to trig this error by using a too old git version (1.7 is needed at the moment).
Python requests gives SSL unknown protocol
.... https://my-url.com:8080/my-api/reports
...But when I send the request as http instead of https, it (usually) works fine.
My guess is that you are trying the same port 8080 for http and https. But, servers usually listen on a single port either for http or https and not both. This means that if your client is trying to start the TLS handshake needed for https against this port it will get a plain error message back. The client then tries to interpret this error message as TLS and returns some weird error messages, because the response is not TLS at all.
Unable to establish SSL connection, how do I fix my SSL cert?
SSL23_GET_SERVER_HELLO:unknown protocol
This error happens when OpenSSL receives something other than a ServerHello
in a protocol version it understands from the server. It can happen if the server answers with a plain (unencrypted) HTTP. It can also happen if the server only supports e.g. TLS 1.2 and the client does not understand that protocol version. Normally, servers are backwards compatible to at least SSL 3.0 / TLS 1.0, but maybe this specific server isn't (by implementation or configuration).
It is unclear whether you attempted to pass --no-check-certificate
or not. I would be rather surprised if that would work.
A simple test is to use wget
(or a browser) to request http://example.com:443
(note the http://
, not https://
); if it works, SSL is not enabled on port 443. To further debug this, use openssl s_client
with the -debug
option, which right before the error message dumps the first few bytes of the server response which OpenSSL was unable to parse. This may help to identify the problem, especially if the server does not answer with a ServerHello
message. To see what exactly OpenSSL is expecting, check the source: look for SSL_R_UNKNOWN_PROTOCOL
in ssl/s23_clnt.c
.
In any case, looking at the apache error log may provide some insight too.
How to fix 'OpenSSL::SSL::SSLError' error in Ruby?
This error usually occurs if you try to establish an encrypted connection to a server that doesn't expect this. Port 587 typically requires the use of STARTTLS
after first establishing an unecrypted connection. Try removing tls: true
in your configuration and using enable_starttls_auto: true
instead.
OpenSSL error when making http request in Ruby
http.use_ssl = true
UPDATE: The error gets fixed when I change http to https. What is going on?
A http URL by default uses port 80 and there is usually a server which speaks HTTP only. A https URL instead uses port 443 where a server speaking HTTPS resides. But, you are trying to enforce HTTPS (i.e. TLS+HTTP) on the http port where no TLS capable server listens. This means that your client starts a TLS handshake to this server but does not get a TLS response back but instead a HTTP response. Trying to interpret the response as TLS causes the error you see, i.e. unknown protocol.
node-request - Getting error SSL23_GET_SERVER_HELLO:unknown protocol
This was totally my bad.
I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval.
Simply, I was trying to send a http request to https.
Related Topics
Getting Remove_Entry_Secure Error While Using Ruby Application
How to Profile Rspec with Perftools and Bundler
Normal Variables VS Instance Variable in Ruby, Whats the Difference
Rvm with Jruby 1.7.0 "Unknown Ruby Interpreter"
How to Make Block Local Variables the Default in Ruby 1.9
Running a Shell Command from Ruby: Capturing the Output While Displaying the Output
How to Access a Variable Within a Heredoc in Ruby
Access Localhost on MAC from Xcode? Phonegap Communicating with Ajax to a Local Rails App
"Error: Sql.H Not Found" When Installing Ruby-Odbc Gem on Ubuntu
Re-Opened Nested Module Anomaly in Ruby
How to Declare a Rake Task That Depends on a Parameterized Task
How to Extend a Class from an Initializer and Have It Reload in Development Environment
Sinatra + Heroku + Datamapper Deploy Issues with Dm-Sqlite-Adapter
Undefined Method 'Devise' When Including User Model Outside Rails
Disable Devise's :Confirmable On-The-Fly to Batch-Generate Users