[sslh] sslh not working together with curl
Borkenkaefer
borkenkaefer at abelo.ch
Wed Feb 4 19:20:53 CET 2015
Hello
> But if I try to use curl I get the error message:
> curl -vvv https://host
> * Trying 2a01:13....
> * Connected to host (2a...) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: /usr/local/share/certs/ca-root-nss.crt
> CApath: none
> * TLSv1.2, TLS handshake, Client hello (1):
> * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> * Closing connection 0
> curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol
>
What webserver are you using with what ssl ciphers? What's the version
of curl? Are you accessing from the same host or from remote?
I had the same problem on a Debian wheezy system where the curl version
is too old to support the SSL ciphers I specified in my webserver
config. I tried to access port 443 with curl on the same host where sslh
was running.
As a workaround I did the following:
- iptables redirect: a redirect from port 443 to the webserver's
SSL port (for example 4443) when accessing from the local machine.
- removed the native IPv6 address mapping in /etc/hosts (so curl has to
look up the DNS resolvers), because iptables on Debian wheezy doesn't
support redirects for IPv6.
I hope this helps you somehow.
b.
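
Added example, not part of the original message or of sslh: when a client behind a multiplexer reports "unknown protocol", it helps to see which kind of backend actually answered on port 443. The sketch below classifies the first bytes a server sends back; the function names and sample byte strings are constructed for illustration.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Name the protocol suggested by the first bytes a server sent back."""
    if not data:
        return "no data"
    if data.startswith(b"SSH-"):
        return "ssh banner"
    if data.startswith(b"HTTP/"):
        return "plaintext http"
    # TLS record header: content type, version major 0x03, minor 0x00-0x04, length
    if len(data) >= 5 and data[1] == 0x03 and data[2] <= 0x04:
        kind = {0x16: "tls handshake", 0x15: "tls alert"}.get(data[0])
        if kind:
            return kind
    return "unrecognised"

def first_bytes(host: str, port: int, hello: bytes = b"",
                timeout: float = 5.0, size: int = 64) -> bytes:
    """Connect, optionally send `hello`, and return the first reply bytes.

    With hello empty the client stays silent, so only a server that speaks
    first (such as SSH) will produce data before the timeout.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if hello:
            sock.sendall(hello)
        try:
            return sock.recv(size)
        except socket.timeout:
            return b""

# Constructed sample replies, not captured from a real host.
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_6.0p1\r\n",
    "server_hello": b"\x16\x03\x03\x00\x51\x02\x00\x00\x4d",
    "alert": b"\x15\x03\x03\x00\x02\x02\x28",
    "http": b"HTTP/1.1 400 Bad Request\r\n",
    "silent": b"",
    "junk": b"\x16\x02\x00\x00\x05abc",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:13s} -> {classify_first_bytes(reply)}")
```
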