Dev Solve

English

中文
日本語

English

中文
日本語

Appearance

Related Posts

ES Modules in Node.js: package.json type field

Fixing "Must use import to load ES Module" in Node.js

Fixing "Cannot use import statement outside a module" in Node.js

Using Environment Variables in NestJS Database Configuration

Fixing PostCSS Plugin tailwindcss Requires PostCSS 8 Error

SSL WRONG_VERSION_NUMBER Error: Causes and Solutions

Problem Statement

The EPROTO 34557064:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER error occurs when there's a mismatch in SSL/TLS protocol versions between a client and server during HTTPS communication. This error typically indicates that one party is attempting to use an incompatible SSL/TLS version or there are configuration issues preventing proper encrypted communication.

This error commonly appears in various scenarios, including:

  • Node.js applications making HTTPS requests
  • API testing tools like Postman
  • Web server configurations with Nginx
  • Docker container environments

Common Causes and Solutions

1. Protocol Mismatch (HTTPS vs HTTP)

The most common cause is attempting to use HTTPS to connect to a server that only supports HTTP.

Solution: Verify your URL protocol:

javascript
// ❌ Problematic HTTPS call to HTTP endpoint
const https = require('https');
https.get('https://localhost:3000/posts', (res) => {
  // This will fail if server only supports HTTP
});

// ✅ Correct HTTP call to HTTP endpoint
const http = require('http');
http.get('http://localhost:3000/posts', (res) => {
  // Process response
});
bash
# Wrong protocol
curl https://localhost:3000

# Correct protocol  
curl http://localhost:3000

WARNING

Always verify whether your target server actually supports HTTPS before making HTTPS requests. Development servers often run on HTTP by default.

2. Postman Configuration Issues

Several Postman-specific configurations can cause this error:

Solution A: Disable automatic redirects

  • Go to Postman Settings → General
  • Disable "Automatically follow redirects"
  • Manually handle 302 redirects instead

Solution B: Check custom headers

  • Remove any manually set Host header
  • Let Postman calculate the host value automatically

Solution C: Certificate verification settings

  • Go to Settings → General
  • Turn off "SSL certificate verification" for testing (not recommended for production)

Solution D: Certificate configuration

  • When specifying certificates, explicitly enter the port (even if it shows 443 as placeholder)
  • Ensure certificate paths and configurations are correct

3. Nginx Server Configuration

Incorrect Nginx SSL configuration can cause this error on the server side:

nginx
server {
    listen 443;  # Missing 'ssl' directive
    server_name example.com;
    # ... other configuration
}
nginx
server {
    listen 443 ssl;  # ✅ Correct with ssl directive
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    # ... other configuration
}

4. Docker and Container Environments

When running applications in containers:

Solution: Ensure proper port mapping and SSL configuration:

  • Verify that SSL certificates are correctly mounted in containers
  • Check that port mappings align with your SSL configuration
  • Ensure Nginx or your web server is properly configured for SSL within the container

Diagnostic Steps

To identify the root cause of the WRONG_VERSION_NUMBER error:

  1. Verify the protocol: Use http:// instead of https:// to test if the issue is protocol-related
  2. Check server configuration: Ensure your server actually supports HTTPS if you're trying to use it
  3. Test with different clients: Try the same request with cURL or browser to isolate the issue
  4. Review SSL certificates: Validate that certificates are properly configured and not expired
  5. Check network configuration: Verify there are no intermediaries (proxies, load balancers) causing protocol issues

Best Practices

  • Always use environment variables to manage API endpoints, making it easy to switch between HTTP (development) and HTTPS (production)
  • Implement proper error handling for SSL-related errors in your code
  • Use tools like OpenSSL to test SSL connectivity: openssl s_client -connect host:port
  • Regularly update your SSL/TLS libraries and dependencies

INFO

While disabling SSL verification can be a temporary workaround for testing, never use this approach in production environments as it exposes you to security vulnerabilities.

Conclusion

The WRONG_VERSION_NUMBER SSL error typically stems from protocol mismatches or configuration issues rather than code problems. By systematically checking your URL protocol, client configuration, and server settings, you can quickly resolve this error and establish successful HTTPS connections.