git-Unknown-SSL-protocol-error-in-connection

Issue

I am trying to connect to a Bitbucket repository over HTTPS (SSL) from a Jenkins job, but I am getting an Unknown SSL protocol error.

fatal: unable to access 'https://git.my.url.domain.com:7999/scm/sources.git/': Unknown SSL protocol error in connection to git.my.url.domain.com:7999

Environment

  • CloudBees Jenkins Enterprise > 1.609.1.1
  • Jenkins LTS > 1.609.1
  • Jenkins > 1.600
  • curl < 7.29.0-24.el7
  • git < 2.6.0

Resolution

To diagnose the issue, first find out the git and curl versions and capture a trace of the failure. As a normal user, run these commands:

export GIT_CURL_VERBOSE=1
export GIT_TRACE_PACKET=2
git --version
curl --version
git clone https://git.my.url.domain.com:7999/scm/sources.git .

If the output is similar to the following, you are probably affected by a bug in git+curl: Git over HTTPS doesn't work with TLSv1.1 or TLSv1.2.

git version 2.6.3
curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP
Cloning into 'onboarding'...
* Couldn't find host git.my.url.domain.com in the .netrc file, using defaults
* About to connect() to git.my.url.domain.com port 7999
* Trying 1.1.1.101... * connected
* Connected to git.my.url.domain.com (1.1.1.101) port 7999
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Unknown SSL protocol error in connection to git.my.url.domain.com:7999
* Closing connection #0
fatal: unable to access 'https://git.my.url.domain.com:7999/scm/sources.git/': Unknown SSL protocol error in connection to git.my.url.domain.com:7999

To be sure, trace the SSL handshake with this command:

openssl s_client -connect git.my.url.domain.com:7999

If you see that the server uses TLSv1.1 or TLSv1.2 as its protocol version, you need to upgrade git and curl on your system.

----
SSL handshake has read 4624 bytes and written 433 bytes
----
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 56E2E024DFC4507EDEFDEFDEFDEFDEFDEFDEF4B57E5704F5952F1842870CF5CF172
    Session-ID-ctx:
    Master-Key: B60D391FC5A232EFD877F36A8032BCEDFEDEFDEFDFEDFDEFDEFDEFDFED0AD62AF7B430DEF7FA08B630E04
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1457709092
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
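
The check described above can be scripted. The following is an added example, not part of the original article: it reads openssl s_client output and applies the rule from this page (server negotiates TLSv1.1 or TLSv1.2, so git and curl need upgrading). The function names are hypothetical, and the sample is a constructed excerpt of the output shown above.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output using this page's rule.
# Live use (same command as in the article, stdin closed so it returns):
#   openssl s_client -connect git.my.url.domain.com:7999 </dev/null 2>/dev/null | diagnose

# Constructed sample: excerpt of the s_client output shown in the article.
sample_output() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Print the negotiated protocol from the "Protocol  :" line of SSL-Session.
negotiated_protocol() {
    awk -F: '/^[ \t]*Protocol[ \t]*:/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Print the numeric part of the "Verify return code" line.
verify_code() {
    awk -F: '/Verify return code/ { split($2, a, " "); print a[1]; exit }'
}

# Read s_client output on stdin and print a one-line verdict.
diagnose() {
    dg_out=$(cat)
    dg_proto=$(printf '%s\n' "$dg_out" | negotiated_protocol)
    dg_code=$(printf '%s\n' "$dg_out" | verify_code)
    case "$dg_proto" in
        # The article's rule: old git+curl cannot talk to these servers.
        TLSv1.1|TLSv1.2) echo "upgrade-git-curl proto=$dg_proto verify=$dg_code" ;;
        # No SSL-Session block at all: the handshake never completed.
        "") echo "no-handshake" ;;
        *) echo "other proto=$dg_proto verify=$dg_code" ;;
    esac
}

sample_output | diagnose
```

A non-zero verify value (19 in the sample) means the certificate chain did not validate against the local trust store, which is reported separately from the protocol version.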