How to overcome the git error `Unknown SSL protocol error in connection`
Problem description
I'm trying to git clone some repository, but then I get the error:
$ git clone --recursive https://some-url.git
Cloning into 'project'...
fatal: unable to access 'https://https://some-url.git/': Unknown SSL protocol error in connection to some-url.git:443
I've read that the git repositories moved to force TLS 1.0 and no longer support SSLv3 communication due to the POODLE vulnerability. But I don't know whether this error message means that my git client only knows how to talk SSLv3 and the server denies it, or that the server only knows how to talk SSLv3 and my client denies it. If the problem is in my client, how can I configure it to use TLS; on the other hand, if it is the server, how can I resolve it?
The error is received on both SourceTree and scm git (console and gui).
Solution
how can I configure it to use TLS?
Git 2.5 (August 2015) already allows specifying a list of ciphers to use when negotiating SSL connections, with `http.sslCipherList` and `GIT_SSL_CIPHER_LIST`.
(See Cannot communicate securely with peer: no common encryption algorithm(s))
Starting with Git 2.6+ (Q3 2015), it will be possible to specify the SSL version explicitly:
`http`: add support for specifying the SSL version
See commit 01861cb (14 Aug 2015) by Elia Pinto (`devzero2000`).
Helped-by: Eric Sunshine (`sunshineco`).
(Merged by Junio C Hamano -- `gitster` -- in commit ed070a4, 26 Aug 2015)
`http.sslVersion`
The SSL version to use when negotiating an SSL connection, if you want to force the default.
The available and default version depend on whether libcurl was built against NSS or OpenSSL and the particular configuration of the crypto library in use. Internally this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl documentation for more details on the format of this option and for the ssl version supported.
Actually the possible values of this option are:
- sslv2
- sslv3
- tlsv1
- tlsv1.0
- tlsv1.1
- tlsv1.2
Can be overridden by the 'GIT_SSL_VERSION' environment variable.
To force git to use libcurl's default ssl version and ignore any explicit http.sslversion option, set 'GIT_SSL_VERSION' to the empty string.
The setting above is important since GitHub now (Feb. 2018) forces disabling weak cryptographic standards.
On February 8, 2018 we’ll start disabling the following:
- TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and git connections to https://github.com and https://api.github.com.
- diffie-hellman-group1-sha1: This applies to all SSH connections to github.com
- diffie-hellman-group14-sha1: This applies to all SSH connections to github.com
Git 2.18 (Q2 2018) can now use TLSv1.3:
When built with more recent cURL, `GIT_SSL_VERSION` can now specify "`tlsv1.3`" as its value.
See commit d81b651 (29 Mar 2018) by Loganaden Velvindron (`loganaden`).
(Merged by Junio C Hamano -- `gitster` -- in commit 9b59d88, 11 Apr 2018)
`http`: allow use of TLS 1.3
Add a tlsv1.3 option to `http.sslVersion` in addition to the existing tlsv1.[012] options.
`libcurl` has supported this since 7.52.0.
This requires OpenSSL 1.1.1 with TLS 1.3 enabled or `curl` built with recent versions of NSS or BoringSSL as the TLS backend.
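The precedence described in this answer, as an added example that is not part of the original answer or of Git's own code: the script resolves which value git acts on (`GIT_SSL_VERSION`, even when empty, over `http.sslVersion`) and flags values that permit protocols below TLS 1.2. The function names and the `legacy`/`ok`/`default`/`unknown` labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from Git): function names and verdict labels are this
# example's own. It follows the precedence quoted from the http.sslVersion docs.

# effective_ssl_version CONFIG_VALUE
# GIT_SSL_VERSION wins whenever it is set, even to the empty string
# (empty = ignore http.sslVersion and use libcurl's default).
effective_ssl_version() {
    if [ "${GIT_SSL_VERSION+set}" = "set" ]; then
        printf '%s\n' "$GIT_SSL_VERSION"
    else
        printf '%s\n' "$1"
    fi
}

# classify_ssl_version VALUE
# legacy  = names or permits SSLv2, SSLv3, TLS 1.0 or TLS 1.1
# default = nothing pinned, libcurl decides
classify_ssl_version() {
    case "$1" in
        "")                                echo "default" ;;
        sslv2|sslv3|tlsv1|tlsv1.0|tlsv1.1) echo "legacy" ;;
        tlsv1.2|tlsv1.3)                   echo "ok" ;;
        *)                                 echo "unknown" ;;
    esac
}

# audit_git_tls: report the setting the local git would act on.
# Returns non-zero when the effective value is legacy or unrecognised.
audit_git_tls() {
    cfg=$(git config --get http.sslVersion 2>/dev/null || true)
    eff=$(effective_ssl_version "$cfg")
    verdict=$(classify_ssl_version "$eff")
    printf 'http.sslVersion=%s effective=%s verdict=%s\n' \
        "${cfg:-<unset>}" "${eff:-<libcurl default>}" "$verdict"
    [ "$verdict" = "ok" ] || [ "$verdict" = "default" ]
}

# Run the audit only where git is installed; suggest the pin on failure.
if command -v git >/dev/null 2>&1; then
    audit_git_tls || echo "consider: git config --global http.sslVersion tlsv1.2"
fi
```

A stale `GIT_SSL_VERSION` exported from a shell profile silently overrides a corrected `http.sslVersion`, which is why the audit reports both the configured and the effective value.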