Git clone fails with SSL routines:SSL23_GET_SERVER_HELLO

Troubleshooting Git

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

The following errors are encountered when trying to clone a Stash repository from a client machine:

* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
fatal: unable to access 'https://kidney:8443/stash/scm/proj/testone.git': error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Cloning into 'clone'...
fatal: unable to access 'https://kidney:8443/stash/scm/proj/clone.git': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Cause

There is a reported bug in OpenSSL: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137. The OpenSSL version installed on your client is v1.0+.

 

Resolution

Option 1:

Edit the Tomcat configuration for Stash (as an attribute under the Connector element) to only allow stronger encryption by editing <Stash installation directory>/conf/server.xml and then restarting Stash:

ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

Option 2:

This bug was introduced as of OpenSSL v1.0+. Please downgrade your OpenSSL/0.9.8k on the client trying to clone from Stash.

Read more here:

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.