无法与同行进行安全通信：没有共同的加密算法（S） [英] Cannot communicate securely with peer: no common encryption algorithm(s)

问题描述

我是一个Fedora的20个用户。虽然克隆一个仓库，我得到了以下错误： 复制到git_missions... 致命的：无法访问 https://openhatch.org/git-mission-data/混帐/ hithard / ：无法与同行进行安全通信：没有共同的加密算法（S）。

I am a fedora 20 user. While cloning a repository,I got the following error: " Cloning into 'git_missions'... fatal: unable to access 'https://openhatch.org/git-mission-data/git/hithard/': Cannot communicate securely with peer: no common encryption algorithm(s). "

我没有得到该怎么办？需要帮助。

I am not getting what to do?need help.

推荐答案

最简单的解决方案，只是使用 HTTP ，而不是 HTTPS ：

The simplest solution is just to use http instead of https:

$ git clone http://openhatch.org/git-mission-data/git/hithard/
Cloning into 'hithard'...
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
Checking connectivity... done.

我觉得错误本身（没有共同的加密算法）是准确的;看来，服务器要使用某种形式的椭圆曲线密码（TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256）不支持通过Git的基础SSL库。您可以使用类似 Wireshark的来捕捉Git和服务器之间的SSL握手和看到的选项被来回传递。

I think the error itself ("no common encryption algorithms") is accurate; it appears that the server wants to use some sort of elliptic curve cipher (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) that is not supported by git's underlying SSL library. You can use something like wireshark to capture the SSL handshake between git and the server and see the options being passed back and forth.

至少在我的系统，卷曲似乎不支持这种加密法，而混帐使用<$ C C>的libcurl $处理HTTPS / HTTP连接。

At least on my system, curl does not seem to support this cipher, and git uses libcurl for handling https/http connections.

更新

因此​​，基于我的最后注释@mattdm，我在其中发现卷曲在我的系统是使用NSS加密库，以下工作：

So, based on my last comment to @mattdm, in which I discovered that curl on my system is using the NSS crypto library, the following works:

curl --ciphers ecdhe_ecdsa_aes_128_gcm_sha_256 https://openhatch.org/

不幸的是，没有任何的方式来传递一个密码列表，以混帐。让它做这样的补丁是微不足道的 - 这里一个版本我只是 - 但我不知道是什么的几率是越来越接受这种上游

Unfortunately, there isn't any way to pass a cipher list to git. The patch to make it do so is trivial -- here is one version I just made -- but I don't know what the odds are of getting this accepted upstream.

这篇关于无法与同行进行安全通信：没有共同的加密算法（S）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！