SSL routines:ssl3_get_record:wrong version number with OpenSSL 1.1.1d

Questions/problems on Docker
Post Reply
rocketgib
Posts: 1
Joined: Mon Jan 13, 2020 4:31 am

SSL routines:ssl3_get_record:wrong version number with OpenSSL 1.1.1d

Post by rocketgib » Mon Jan 13, 2020 4:44 am

Hello,

I've been browsing around these forums and it appears that there is some sort of trend when it comes to SSL connectivity via CURL to the latest version of Document Server.

I've been fighting for over a month after mysteriously my document server is no longer accessible to Nextcloud. After further review, it appears that I am getting this error constantly in the error log:

Code: Select all

[onlyoffice] Error: HealthcheckRequest on check error: cURL error 35: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

PUT /apps/onlyoffice/ajax/settings/address
from 72.210.119.86 by koori at 2020-01-13T04:34:54+00:00
To add to this, we are using LetsEncrypt. We just recently upgraded our certificate too. The server is accessible via Port 443 just fine (from my browser). However, I have a port mapping to 80 from 9080 internally in my config file (for the service listener). It seems nothing I've found really has the answer to this but I've verified that my certificates are valid and are installed properly by certbot. My document server is running on Docker as well, and the container has been rebuilt several times just to troubleshoot.

My NGINX error log is also spamming this (IP address omitted for security):

Code: Select all

2020/01/13 03:38:33 [crit] 11551#11551: *173835 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 72.xxx.xxx.xxx, server: 0.0.0.0:443
2020/01/13 03:39:33 [crit] 11551#11551: *173850 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 72.xxx.xxx.xxx, server: 0.0.0.0:443
I just checked and OpenSSL is currently running at 1.1.1d, which is the latest version for Ubuntu 18.

Also, I did try a suggestion for Nextcloud and add the "verify_peer_off" option but to no avail either.

Has anyone come across this before? Any suggestions on where to begin?

Alexandre
Posts: 124
Joined: Thu Dec 12, 2019 11:08 am

Re: SSL routines:ssl3_get_record:wrong version number with OpenSSL 1.1.1d

Post by Alexandre » Fri Jan 17, 2020 11:20 am

Hello rocketgib.
Please provide us some additional information:
1. Did error occur after SSL cert update?
2. Did you stop all services which used port 80 before cert update?
3. Am I right, set true in line 'verify_peer_off' at Nextcloud config file didn’t make a result?
4. Check your updated cert via https://www.sslshopper.com/certificate-decoder.html. Tell us if service notifies you about some issue.

Post Reply