哪个版本的Git支持TLS 1.2? [英] What version of Git supports TLS 1.2?

问题描述

Bitbacket关闭TLS v1.0& v1.1 .我们的詹金斯号因为旧版Git而失败:

Bitbacket shutdown TLS v1.0 & v1.1. Our Jenkins fails because of old Git:

git --version
git version 1.8.2.3
+ GIT_CURL_VERBOSE=1
+ git ls-remote https://bitbucket.org/
* Couldn't find host bitbucket.org in the .netrc file, using defaults
* About to connect() to bitbucket.org port 443
*   Trying 18.205.93.1... * connected
* Connected to bitbucket.org (18.205.93.1) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Unknown SSL protocol error in connection to bitbucket.org:443

我查看了Git发行说明:

I checked out Git release notes:

git clone --depth=1 https://github.com/git/git

，但未发现有关TLS v1.2支持的任何信息:

and found nothing about TLS v1.2 support:

cd git/Documentation/RelNotes
grep TLS

我应该告诉sysadmin哪个版本的Git最低支持TLS v1.2?

What should I tell sysadmin which version of Git is minimum that supports TLS v1.2?

注意我们不在基础架构中的热门上，请不要说任何有关更新到昨天发布的信息...

NOTE We are not on the hot in our infrastructure, please don't say anything about updating to yesterday release...

注意2 ，我可能会错过Git的内部结构，其他操作系统库可能会影响TLS v1.2支持.

NOTE 2 I can miss Git internals and other OS libraries can affect TLS v1.2 support.

推荐答案

为了执行HTTP和HTTPS，Git使用了一个名为libcurl的库.该库又与提供TLS的某些库链接，该库通常为OpenSSL，GnuTLS或NSS，具体取决于您的操作系统.在Linux上找出与Git链接的对象之一的最简单方法是运行ldd $(which "$(git --exec-path)"/git-http-push).

In order to perform HTTP and HTTPS, Git uses a library called libcurl. This library in turn is linked against some library that provides TLS, which is usually OpenSSL, GnuTLS, or NSS, depending on your operating system. The easiest way on Linux to find out which one of these your Git is linked against is to run ldd $(which "$(git --exec-path)"/git-http-push).

如果输出中包含"libgnutls"，则说明您使用的是GnuTLS，并且需要GnuTLS 2.12.24或更高版本才能正确支持TLS 1.2.

If the output contains something that says "libgnutls", then you're using GnuTLS, and you'll need GnuTLS 2.12.24 or newer for proper TLS 1.2 support.

如果输出中包含"libnss"，则说明您正在使用NSS，并且需要NSS 3.15.1.

If the output contains something that says "libnss", then you're using NSS, and you'll need NSS 3.15.1.

如果输出中包含"libssl"的内容，而没有其他内容，则说明您使用的是OpenSSL，则需要使用OpenSSL 1.0.1.

If the output contains something that says "libssl" and none of the others, then you're using OpenSSL, and you'll need OpenSSL 1.0.1.

请注意，某些供应商会向后移植补丁程序，或者需要升级其libcurl版本才能正确启用TLS 1.2，因此，这可能并不完全正确，具体取决于您的供应商.

Note that some vendors backport patches or will need to upgrade their versions of libcurl in order to enable TLS 1.2 properly, so this may not be exactly right, depending on your vendor.

请注意，您可能正在为RHEL和CentOS 5使用Git的EPEL版本.如果是这样，请注意这些操作系统完全不支持TLS 1.2，并且将不会获得任何支持.

As a note, it looks like you might be using the EPEL version of Git for RHEL and CentOS 5. If so, be aware that those operating systems have no TLS 1.2 support at all and will not be getting any.

这篇关于哪个版本的Git支持TLS 1.2?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！