Git clone fails with SSL routines:SSL23_GET_SERVER_HELLO
Symptoms
The following errors are encountered when trying to clone a Stash repository from a client machine:
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
fatal: unable to access 'https://kidney:8443/stash/scm/proj/testone.git': error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Cloning into 'clone'...
fatal: unable to access 'https://kidney:8443/stash/scm/proj/clone.git': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Cause
There is a reported bug in OpenSSL: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137. The OpenSSL version installed on your client is v1.0+.
Solution
Option 1:
Edit the Tomcat configuration for Stash to only allow stronger encryption: in <Stash installation directory>/conf/server.xml, add the following as an attribute of the Connector element, then restart Stash:
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
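An added example, not part of the original article: a small Python check that reads the ciphers attribute of each Connector in server.xml and reports suites whose names indicate RC4, DES/3DES, MD5, NULL, export-grade or anonymous key exchange, which is useful when reviewing a list like the one above before deploying it. The sample XML (including the port 8080 connector) and the marker table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an HTTPS Connector using part of the Option 1 cipher list,
# wrapped across lines the way the value often ends up in server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,
             TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
             SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
  <Connector port="8080"/>
</Service></Server>"""

# Substring markers in JSSE suite names and why each one is flagged (assumed rule set).
WEAK_MARKERS = [
    ("_RC4_", "RC4 (prohibited in TLS by RFC 7465)"),
    ("_3DES_", "3DES (64-bit block cipher)"),
    ("_DES_", "single DES"),
    ("_MD5_", "MD5 MAC"),
    ("_NULL_", "no encryption"),
    ("_EXPORT_", "export-grade key length"),
    ("_anon_", "unauthenticated key exchange"),
]

def connector_ciphers(server_xml):
    """Yield (port, [suite, ...]) for each Connector that sets a ciphers attribute."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw:
            # Split on commas and trim, so a line-wrapped value parses cleanly.
            yield conn.get("port"), [s.strip() for s in raw.split(",") if s.strip()]

def audit(server_xml):
    """Return {port: {suite: [reasons]}} for every suite matching a weak marker."""
    findings = {}
    for port, suites in connector_ciphers(server_xml):
        for suite in suites:
            # Append "_" so a trailing token such as "_MD5" matches "_MD5_".
            reasons = [why for marker, why in WEAK_MARKERS if marker in suite + "_"]
            if reasons:
                findings.setdefault(port, {})[suite] = reasons
    return findings

if __name__ == "__main__":
    for port, suites in audit(SAMPLE_SERVER_XML).items():
        for suite, reasons in suites.items():
            print(f"Connector {port}: {suite}: {', '.join(reasons)}")
```

Suites that are not flagged (the AES entries here) only mean no marker matched; the check looks at suite names and does not test what the server actually negotiates.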
Option 2:
This bug was introduced in OpenSSL v1.0+. Please downgrade to OpenSSL 0.9.8k on the client that is trying to clone from Stash.
Read more here:
- http://razcx.wordpress.com/2013/02/19/curl-and-tomcat-ssl-routinesssl23_get_server_hellotlsv1-alert-internal-error/
- http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-two.html
- http://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2-in-tomcat.html