SSL23_GET_SERVER_HELLO:未知协议

SSL23_GET_SERVER_HELLO:unknown protocol

当 OpenSSL 在它从服务器理解的协议版本中接收到除 ServerHello 之外的其他内容时，会发生此错误.如果服务器使用纯(未加密)HTTP 进行响应，就会发生这种情况.如果服务器仅支持例如TLS 1.2 和客户端不了解该协议版本.通常，服务器至少向后兼容 SSL 3.0/TLS 1.0，但也许这个特定的服务器不是(通过实现或配置).

This error happens when OpenSSL receives something other than a ServerHello in a protocol version it understands from the server. It can happen if the server answers with a plain (unencrypted) HTTP. It can also happen if the server only supports e.g. TLS 1.2 and the client does not understand that protocol version. Normally, servers are backwards compatible to at least SSL 3.0 / TLS 1.0, but maybe this specific server isn't (by implementation or configuration).

不清楚您是否尝试通过 --no-check-certificate.如果这行得通，我会感到相当惊讶.

It is unclear whether you attempted to pass --no-check-certificate or not. I would be rather surprised if that would work.

一个简单的测试是使用 wget(或浏览器)请求 http://example.com:443(注意 http://，而不是 https://);如果它工作，SSL 没有在端口 443 上启用.要进一步调试这个，使用 openssl s_client 和 -debug 选项，在错误消息转储前几个OpenSSL 无法解析的服务器响应的字节数.这可能有助于识别问题，尤其是在服务器没有以 ServerHello 消息进行响应的情况下.要查看 OpenSSL 的确切期望，请检查源:在 ssl/s23_clnt.c 中查找 SSL_R_UNKNOWN_PROTOCOL.

A simple test is to use wget (or a browser) to request http://example.com:443 (note the http://, not https://); if it works, SSL is not enabled on port 443. To further debug this, use openssl s_client with the -debug option, which right before the error message dumps the first few bytes of the server response which OpenSSL was unable to parse. This may help to identify the problem, especially if the server does not answer with a ServerHello message. To see what exactly OpenSSL is expecting, check the source: look for SSL_R_UNKNOWN_PROTOCOL in ssl/s23_clnt.c.

无论如何，查看 apache 错误日志也可能提供一些见解.

In any case, looking at the apache error log may provide some insight too.