Support » Plugin: Wordfence Security - Firewall & Malware Scan » cURL error 35: Unknown SSL protocol error

  • Resolved chloebgt

    (@chloebgt)


    Wordfence is installed on my website and was perfectly fine, but since a few days, It’s impossible to perform a new scan : I get this error :

    “Call to Wordfence API to resolve IPs failed: There was an error connecting to the Wordfence scanning servers: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443”

    And The scan doesn’t start…

    Any Idea ?
    I’ve tried to reinstall all wordfence files, but it doesn’t work

Viewing 15 replies - 1 through 15 (of 22 total)
  • I have the same problem! Since March 14th I get this error, as I can see in the log. Until that time, it worked fine.

    I hope you get an answer soon 🙂

    +1.

    I also see the error on the “Blocking” and a few other screens.

    About the same time I starting seeing these errors, all rows on the “Live Traffic” screen show “Unspecified” in the Location column (or “unknown location” when the row is expanded) rather than the city/country.

    I suspect the 2 problems are related, since the IP resolution is handled via an SSL wp_remote_post() back to wordfence.com.

    However, I’m only seeing the errors on SOME sites I have Wordfence installed on. Because of this, I thought that my hosting company had changed the config on the server for the sites where I’m seeing the errors…and not on the server for the sites where i’m not seeing them. I opened a support ticket with my hosting company. But if other people are seeing them, then MAYBE it is a problem with the recent update to Wordfence?

    I just found another topic that describes other people having the “Unspecified” location problem I’m having.

    That topic suggests the problem is related to the version of libcurl installed.

    The server on which I am NOT having the problem is using the the version of libcurl mentioned by one person in that other topic as a version that works.

    The server on which I AM having the problem is using a VERY old version of libcurl. However, I only started seeing the problem in the last week or so and my hosting company swears they have NOT changed the version of libcurl on that server in this time frame…

    Thank for @pbiron for your reply.

    If we are several in this case (like @ldwd), the problem seems to come from Wordfence. I guess we do not have the same hosting company.
    The error also appeared the same day on March 14 …

    I’m waiting for a return of Wordfence support for more elements.
    Meanwhile, I will do the tests on my other sites.

    Ditto – same issue on 2 sites, although very similar the wording of the error messages differs slightly.
    And yes, those 2 sites are on different servers
    🙁

    Is this the same error you guys are experiencing?
    [MAR 22 13:09:08] Fatal error: Uncaught exception ‘Exception’ with message ‘There was an error connecting to the Wordfence scanning servers: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443

    Maybe if enough of us report the error Wordfence will investigate and propose a fix. I hope so….

    Yep – that’s the one!
    🙁

    Here’s the error:
    Fatal error: Uncaught exception ‘Exception’ with message ‘There was an error connecting to the Wordfence scanning servers: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443

    Here’s the fix:
    After working with WordPress support (they were very responsive and helpful). Here’s the cause of this error.

    “We recently had to update the software on our servers due to compliance which means we had to stop supporting some older SSL ciphers. What is happening here is that your site is trying to connect to Wordfence servers but failing because the connection method your server is using is too old.

    What needs to be updated is curl and OpenSSL. This should be updated not only for the functionality of Wordfence and your SSL connections, but for the security of your site in general as well.

    If you are not hosting the site yourself you will need to reach out to your host and ask them to update curl.”

    Hi @chloebgt,

    Have you tried updating cURL and OpenSSL as suggested by @xtramark?

    @xtramark, super! Many thanks for doing the investigation and reporting back at us 🙂

    @wfyann, is there any workaround until cURL and OpenSSL will be updated at ones hosting provider? Thanks!

    Gilles

    (@alizesonline)

    For your information, all the websites I manage and which are hosted by OVH are experiencing the same error, whatever the PHP version (5.6 or 7.0).

    Log files are reporting the following:
    Call to Wordfence API to resolve IPs failed: There was an error connecting to the Wordfence scanning servers: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443

    In “Tools > Diagnistics”, an error is reported under “Connecting to Wordfence servers (https)”:
    wp_remote_post() test to noc1.wordfence.com failed! Response was: cURL error 35: Unknown SSL protocol error in connection to noc1.wordfence.com:443

    The first time this error occured was on March 21st. Since then, scans are down.

    Any idea to fix that ?

    Hi,

    We have internally discussed a temporary workaround for this –which would be to only support http for the time being.
    However, after careful consideration –and for obvious security reasons– we have decided not to implement such a modification.

    So at this stage I can only suggest you get your hosting provider to implement the necessary SSL/cURL related updates.

    Unfortunately, turning off “Enable SSL verification” won’t work even then there is still an attempt to establish an SSL connection –disabling that option only means that SSL certificates will not be verified.

    Thanks @wfyann & @xtramark

    Thank you for this beginning of solution. I will in this case request an update from the support of my hosting compagny OVH. Hope it’ll work !

    @chloebgt @wfyann
    Hi guys, interesting that I am also only having this issue on my sites hosted at OVH.
    chloebgt can I ask what php version and cURL library you see declared when you run the Wordfence diagnostics and does that match the versions stated in your OVH control panel: http://pro.ovh.net/infos/ – mine do not. My php at OVH is set to 7.2 but my WF diagnostics display only 5.4.45 – I have an open support ticket trying to find out why?
    @wfyann can you please confirm the minimum requirements for the php and cURL library versions please.
    Very frustrating

    Gilles

    (@alizesonline)

    OVH is the biggest French hosting company. I bet they will not give a damn to our requests, concerning the CURL version they installed on their shared servers.
    I think the wordfence team should find a solution, or we may have to find another way to protect our websites. Or accept the scans don’t work and just rely on the firewall. unfortunately.

    Edit – I just went to the OVH support forums and there is one solution: you guys may try to switch your PHP configuration from “legacy” to “stable”. This will allow curl https. To do so, you can use your OVH dashboard to edit your PHP configuration, or edit the “.ovhconfig” file at the root of the server: container.image=stable

    Please report if this works for you as it does for me on several websites.

    • This reply was modified 1 year, 1 month ago by  Gilles.
Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘cURL error 35: Unknown SSL protocol error’ is closed to new replies.