Git clone fails with SSL routines:SSL23_GET_SERVER_HELLO

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

The following errors are encountered when trying to clone a Bitbucket Server repository from a client machine:

* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
fatal: unable to access 'https://kidney:8443/bitbucket/scm/proj/testone.git': error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Cloning into 'clone'...
fatal: unable to access 'https://kidney:8443/bitbucket/scm/proj/clone.git': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

原因

There is a reported bug in OpenSSL: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137. The OpenSSL version installed on your client is v1.0+.

ソリューション

Option 1:

Edit the Tomcat configuration for Bitbucket Server (as an attribute under the Connector element) to only allow stronger encryption by editing <Bitbucket Server installation directory>/conf/server.xml and then restarting Bitbucket Server:

ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

For Bitbucket Server 5.0+, the ciphers can be controlled by adding server.ssl.ciphers in $BITBUCKET_HOME/shared/bitbucket.properties with the ciphers from above.

Option 2:

This bug was introduced as of OpenSSL v1.0+. Please downgrade your OpenSSL/0.9.8k on the client trying to clone from Bitbucket Server.

Read more here:

最終更新日 2017 年 5 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.