I am trying to connect to a Bitbucket repository over HTTPS (SSL) from one of the Jenkins jobs, but I am getting an Unknown SSL protocol error.
fatal: unable to access 'https://git.my.url.domain.com:7999/scm/sources.git/': Unknown SSL protocol error in connection to git.my.url.domain.com:7999
- CloudBees Jenkins Enterprise > 1.609.1.1
- Jenkins LTS > 1.609.1
- Jenkins > 1.600
- curl < 7.29.0-24.el7
- git < 2.6.0
To diagnose the issue, we first need the git and curl versions and a trace of the failure. As a normal user, execute these commands:
    export GIT_CURL_VERBOSE=1
    export GIT_TRACE_PACKET=2
    git --version
    curl --version
    git clone https://git.my.url.domain.com:7999/scm/sources.git .
If the output looks similar to the following, you are probably affected by a bug in git+curl: Git over HTTPS doesn’t work with TLSv1.1 or TLSv1.2.
    git version 2.6.3
    curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
    Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP
    Cloning into 'onboarding'...
    * Couldn't find host git.my.url.domain.com in the .netrc file, using defaults
    * About to connect() to git.my.url.domain.com port 7999
    * Trying 22.214.171.124... * connected
    * Connected to git.my.url.domain.com (126.96.36.199) port 7999
    * successfully set certificate verify locations:
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * Unknown SSL protocol error in connection to git.my.url.domain.com:7999
    * Closing connection #0
    fatal: unable to access 'https://git.my.url.domain.com:7999/scm/sources.git/': Unknown SSL protocol error in connection to git.my.url.domain.com:7999
To be sure, trace the handshake of the SSL connection with this command:
openssl s_client -connect git.my.url.domain.com:7999
If the output shows that the server uses protocol version TLSv1.1 or TLSv1.2, you need to upgrade git and curl on your system.
    ----
    SSL handshake has read 4624 bytes and written 433 bytes
    ----
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: 56E2E024DFC4507EDEFDEFDEFDEFDEFDEFDEF4B57E5704F5952F1842870CF5CF172
        Session-ID-ctx:
        Master-Key: B60D391FC5A232EFD877F36A8032BCEDFEDEFDEFDFEDFDEFDEFDEFDFED0AD62AF7B430DEF7FA08B630E04
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1457709092
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
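
The two checks above combined into one script, as an added example that is not part of the original article: it reads saved `curl --version` and `openssl s_client` output and reports whether the client matches the affected combination. The function names, the `MIN_CURL` threshold (the upstream part of the curl version in the environment list; git is not checked) and the embedded samples are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classifies saved diagnostic output. MIN_CURL is taken from the
# article's environment list (upstream version only; the rpm release suffix
# "-24.el7" is ignored here, which is a simplification).
MIN_CURL=7.29.0

# Print the "Protocol :" value from `openssl s_client` output read on stdin.
negotiated_protocol() {
    awk -F: '/^[ \t]*Protocol[ \t]*:/ { gsub(/[ \t\r]/, "", $2); print $2; exit }'
}

# Print the version from the first line of `curl --version` read on stdin.
curl_version() {
    awk '$1 == "curl" { print $2; exit }'
}

# Succeed when dotted numeric version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, "."); if (m > n) n = m
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# diagnose PROTOCOL CURL_VERSION -> affected | client-ok | other-cause
diagnose() {
    case $1 in
        TLSv1.1|TLSv1.2)
            if version_lt "$2" "$MIN_CURL"; then echo affected; else echo client-ok; fi ;;
        *) echo other-cause ;;
    esac
}

# Constructed samples, shortened from the outputs shown in the article.
SAMPLE_S_CLIENT='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_CURL='curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1k
Protocols: dict file ftp ftps http https'

proto=$(printf '%s\n' "$SAMPLE_S_CLIENT" | negotiated_protocol)
cver=$(printf '%s\n' "$SAMPLE_CURL" | curl_version)
echo "server=$proto curl=$cver verdict=$(diagnose "$proto" "$cver")"
```

On a live system, pipe the real command output into `negotiated_protocol` and `curl_version` instead of the samples.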