On 25.04.18 02:32, Lev wrote: > Hi list, > > > I'm struggling with git connecting to Github. > > The problem might be SSL/TLS related. > > https://githubengineering.com/crypto-removal-notice/ > > I suspect that my setup still uses tlsv1 or tlsv1.1. > > I've tried to explicitly set git to use tlsv1.2 in my .gitconfig file > like this: > > [http] > sslVersion = tlsv1.2 This is the default, so this setting should not be needed, unless it's overridden in some higher prioritized git config file. Have you tried git -c http.sslVersion=tlsv1.2 clone <URL> ? This should override any settings files. > I've tried to re-compile git with OpenSSL and GnuTLS. All give the > same error. > > git clone https://github.com/OnionIoT/source.git > Cloning into 'source'... > * Couldn't find host github.com in the .netrc file; using defaults > * Trying 192.30.253.112... > * TCP_NODELAY set > * Connected to github.com (192.30.253.112) port 443 (#0) > * ALPN, offering http/1.1 > * Cipher selection: > ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > * successfully set certificate verify locations: > * CAfile: /etc/ssl/certs/ca-certificates.crt > CApath: /etc/ssl/certs > * error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol > version > * Curl_http_done: called premature == 1 > * stopped the pause stream! > * Closing connection 0 > fatal: unable to access 'https://github.com/OnionIoT/source.git/': > error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol > version lev@jive:~/git$ unset GIT_SSL_VERSION lev@jive:~/git$ git clone > https://github.com/OnionIoT/source.git Cloning into 'source'... > * Couldn't find host github.com in the .netrc file; using defaults > * Trying 192.30.253.112... > * TCP_NODELAY set > * Connected to github.com (192.30.253.112) port 443 (#0) > * ALPN, offering http/1.1 > * Cipher selection: > ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > * successfully set certificate verify locations: > * CAfile: /etc/ssl/certs/ca-certificates.crt > CApath: /etc/ssl/certs > * error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol > version > * Curl_http_done: called premature == 1 > * stopped the pause stream! > * Closing connection 0 > fatal: unable to access 'https://github.com/OnionIoT/source.git/': > error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version > > > I can connect to other git servers without any error. This is a debian > stable system with the following components: > > git version 2.11.0 > libcurl 7.52.1 > OpenSSL 1.0.2l This OpenSSL version is certainly recent enough to support TLSv1.2. Are you sure you ran the newly compiled git binary? (Sorry for asking stupid questions; it's sometimes difficult to get to the root of a problem) > > > Is there any way to know what is the exact protocol used? Are there any > workaround, fix for this issue? > > Any help welcome. Thank you, > Levente > Cheers, Beat
