Git clone fails with SSL routines:SSL23_GET_SERVER_HELLO
問題
The following errors are encountered when trying to clone a Bitbucket Server repository from a client machine:
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
fatal: unable to access 'https://kidney:8443/bitbucket/scm/proj/testone.git': error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Cloning into 'clone'...
fatal: unable to access 'https://kidney:8443/bitbucket/scm/proj/clone.git': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure原因
There is a reported bug in OpenSSL: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137. The OpenSSL version installed on your client is v1.0+.
ソリューション
オプション 1:
Edit the Tomcat configuration for Bitbucket Server (as an attribute under the Connector element) to only allow stronger encryption by editing <Bitbucket Server installation directory>/conf/server.xml and then restarting Bitbucket Server:
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"For Bitbucket Server 5.0+, the ciphers can be controlled by adding server.ssl.ciphers in $BITBUCKET_HOME/shared/bitbucket.properties with the ciphers from above.
オプション 2:
This bug was introduced as of OpenSSL v1.0+. Please downgrade your OpenSSL/0.9.8k on the client trying to clone from Bitbucket Server.
Read more here: