OpenSSL error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


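If you see an error like the one below when using openssl s_client to test an HTTPS site, it is most likely caused by SNI (Server Name Indication) being configured on the server or reverse proxy, such as Nginx: the server expects the client to name the host it wants, and the command below does not send a server name.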

openssl s_client -connect bla.bla.com:443

CONNECTED(00000003)

51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618:

To make it work, specify the hostname in the command with the -servername option, like this:

openssl s_client -connect bla.bla.com:443 -servername bla.bla.com

References: http://nginx.org/en/docs/http/configuring_https_servers.html#sni
