无法与对等方安全通信:没有通用的加密算法 [英] Cannot communicate securely with peer: no common encryption algorithm(s)

问题描述

我是 Fedora 20 用户.克隆存储库时，出现以下错误:" 克隆到 'git_missions'...致命:无法访问 'https://openhatch.org/git-mission-data/git/hithard/':无法与对等方安全通信:没有通用的加密算法."

I am a fedora 20 user. While cloning a repository,I got the following error: " Cloning into 'git_missions'... fatal: unable to access 'https://openhatch.org/git-mission-data/git/hithard/': Cannot communicate securely with peer: no common encryption algorithm(s). "

我不知道该怎么办?需要帮助.

I am not getting what to do?need help.

推荐答案

最简单的解决方案就是使用 http 而不是 https :

The simplest solution is just to use http instead of https:

$ git clone http://openhatch.org/git-mission-data/git/hithard/
Cloning into 'hithard'...
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
Checking connectivity... done.

我认为错误本身(没有通用的加密算法")是准确的；似乎服务器想要使用某种 git 底层 SSL 库不支持的椭圆曲线密码 (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).您可以使用诸如 wireshark 之类的东西来捕获 git 和服务器之间的 SSL 握手，并查看来回传递的选项.

I think the error itself ("no common encryption algorithms") is accurate; it appears that the server wants to use some sort of elliptic curve cipher (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) that is not supported by git's underlying SSL library. You can use something like wireshark to capture the SSL handshake between git and the server and see the options being passed back and forth.

至少在我的系统上，curl 似乎不支持这种密码，而 git 使用 libcurl 来处理 https/http 连接.

At least on my system, curl does not seem to support this cipher, and git uses libcurl for handling https/http connections.

更新

因此，根据我对@mattdm 的最后评论，我发现系统上的 curl 使用的是 NSS 加密库，结果如下:

So, based on my last comment to @mattdm, in which I discovered that curl on my system is using the NSS crypto library, the following works:

curl --ciphers ecdhe_ecdsa_aes_128_gcm_sha_256 https://openhatch.org/

不幸的是，没有任何方法可以将密码列表传递给 git.让它这样做的补丁很简单——这里是我刚刚制作的一个版本——但我不知道让上游接受这个版本的几率有多大.

Unfortunately, there isn't any way to pass a cipher list to git. The patch to make it do so is trivial -- here is one version I just made -- but I don't know what the odds are of getting this accepted upstream.

这篇关于无法与对等方安全通信:没有通用的加密算法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！