Wget and SSL Issue

Wget and SSL Issue

WGET issue:
>wget -nv -O ./2204.xml.gz 'https://xxxxx.com/feed.xml.gz'
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

>openssl s_client -connect xxxxx.com:443 -debug
CONNECTED(00000003)
write to 0x2219f20 [0x22566f0] (249 bytes => 249 (0xF9))
0000 - 16 03 01 00 f4 01 00 00-f0 03 03 30 82 42 6c 52   ...........0.BlR
0010 - 89 2e 4d 14 26 64 6d b0-f2 a3 ac 0f 15 b3 99 7d   ..M.&dm........}
0020 - 05 f7 74 76 25 fd 6d 1a-2b 68 14 00 00 84 c0 30   ..tv%.m.+h.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67   .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31   [email protected]
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f   .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03   ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04   ................
00b0 - 00 ff 01 00 00 43 00 0b-00 04 03 00 01 02 00 0a   .....C..........
00c0 - 00 0a 00 08 00 19 00 18-00 16 00 17 00 23 00 00   .............#..
00d0 - 00 0d 00 20 00 1e 06 01-06 02 06 03 05 01 05 02   ... ............
00e0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01   ................
00f0 - 02 02 02 03 00 0f 00 01-01                        .........
read from 0x2219f20 [0x225bc50] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
140024920639328:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


Rebuild Wget with Latest Version
>wget http://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz

Exception:
configure: error: Package requirements (gnutls) were not met:
No package 'gnutls' found

Solution:
>sudo yum install gnutls
>./configure --with-ssl=openssl
>make clean
>./configure --prefix=/usr --with-ssl=openssl
make and make install to have the latest version

>wget -V
GNU Wget 1.19 built on linux-gnu.

-cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl

OpenSSL version
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015


On MAC the Exception is different
OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

>wget -V
GNU Wget 1.16 built on darwin14.3.0.
>openssl version
OpenSSL 0.9.8zh 14 Jan 2016

On CentOS the Exception
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

>wget -V
GNU Wget 1.19 built on linux-gnu.
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015

Let me first Work on the MAC
upgrade the openssl version to latest
>wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
Unzip and directly make and make install

>openssl version
OpenSSL 1.1.0f  25 May 2017

Still have Exceptions
>openssl s_client -connect xxxx.com:443 -debug
CONNECTED(00000005)
write to 0x7f9f76e00340 [0x7f9f7800fe00] (176 bytes => 176 (0xB0))
0000 - 16 03 01 00 ab 01 00 00-a7 03 03 3b c9 85 56 3c   ...........;..V<
0010 - ce 71 b8 ef a6 f9 ec 69-41 9e 96 85 04 72 5a ee   .q.....iA....rZ.
0020 - 8f a3 6f 9b f5 a9 81 ba-8f 9a 9d 00 00 38 c0 2c   ..o..........8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e   .0.........+./..
0040 - c0 24 c0 28 00 6b c0 23-c0 27 00 67 c0 0a c0 14   .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 13 00 33-00 9d 00 9c 00 3d 00 3c   .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-00 46 00 0b 00 04 03 00   .5./.....F......
0070 - 01 02 00 0a 00 0a 00 08-00 1d 00 17 00 19 00 18   ................
0080 - 00 23 00 00 00 0d 00 20-00 1e 06 01 06 02 06 03   .#..... ........
0090 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02   ................
00a0 - 03 03 02 01 02 02 02 03-00 16 00 00 00 17         ..............
00b0 - <SPACES/NULS>
read from 0x7f9f76e00340 [0x7f9f78006a03] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f                                    HTTP/
140736693289920:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:

It is not fixed on MAC.

Let me try On CentOS
Same issue, it does not fixed anything.

Get some information from my colleagues, maybe the file does not exist on the remote server or maybe the remote server is not well set up.

References:
https://help.directadmin.com/item.php?id=119
http://www.linuxfromscratch.org/blfs/view/svn/basicnet/wget.html
http://blog.techstacks.com/2010/03/3-common-causes-of-unknown-ssl-protocol-errors-with-curl.html
https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert
http://ftp.gnu.org/gnu/wget/
http://mac-dev-env.patrickbougie.com/openssl/