Even though there are a lot of results on Google, none of them seem to give an answer. I have a Debian box where I do this:
# curl https://localhost/api/v1/status --verbose
* About to connect() to localhost port 443 (#0)
* Trying ::1...
* connected
* Connected to localhost (::1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
I can't get past the unknown protocol thing. I've tried -ssl -sslv3 but they get me nowhere. Actually, -sslv3 gets me slightly different results:
# curl https://localhost/api/v1/status --verbose -sslv3
* About to connect() to localhost port 443 (#0)
* Trying ::1...
* connected
* Connected to localhost (::1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* Closing connection #0
My virtualhost is configured thus (fragment):
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/ssl.key/xxx/ssl.cert
SSLCertificateKeyFile /etc/apache2/ssl.key/xxx/xxx.xxx.key
# Server Certificate Chain:
SSLCertificateChainFile /etc/apache2/ssl.key/sub.class1.server.ca.pem
# Certificate Authority (CA):
SSLCACertificateFile /etc/apache2/ssl.key/ca.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Any help would be highly appreciated.
edit: Update
I think I found my own problem!
The Virtual Host was bound to the external interface, and curl was trying to connect over localhost. So it never ended up at the configured virtual host.
To fix this, I have created a new VirtualHost entry bound to 127.0.0.1:80 that only allows connections from localhost. For my purposes, that is enough.
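Added example, not part of the original post: curl's "unknown protocol" error means the listener answered the Client hello with something that is not TLS, so a useful check is to probe the same port on each address separately and see which ones actually speak TLS. The function names `probe` and `survey` and the command-line usage are assumptions made for this sketch.

```python
import socket
import ssl
import sys


def probe(host, port, timeout=3.0):
    """Classify the listener at host:port as 'tls', 'plaintext-http', 'other' or 'closed'."""
    # Certificate validation is switched off on purpose: this check only asks
    # whether the listener speaks TLS at all, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:
            # ssl.SSLError (e.g. "wrong version number"), a reset or a timeout:
            # something accepted the connection but did not complete a handshake.
            pass
    # Second connection: see whether the same listener answers plain HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = plain.recv(16)
    except OSError:
        return "other"
    return "plaintext-http" if reply.startswith(b"HTTP/") else "other"


def survey(addresses, port):
    """Probe the same port on every address, since each may hit a different vhost."""
    return {addr: probe(addr, port) for addr in addresses}


if __name__ == "__main__":
    # Assumed usage: python3 probe.py PORT ADDRESS [ADDRESS ...]
    port, addresses = int(sys.argv[1]), sys.argv[2:]
    for addr, verdict in survey(addresses, port).items():
        print(f"{addr}:{port} -> {verdict}")
```

A `plaintext-http` verdict on a loopback address alongside `tls` on the external address is consistent with the situation in the update: the SSL-enabled virtual host is bound to one interface only, and requests to the other never reach it.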