Search code examples
gittortoisegitsourcetree

Git unable to fetch, pull or clone using https

I am having problems fetching, pulling and cloning from a git repository. I get the following error message

git -c diff.mnemonicprefix=false -c core.quotepath=false fetch origin
fatal: unable to access 'https://name@domain.tld/scm/project/projectname.git/': error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol

Server is a self hosted BitBucket server and Client is Sourcetree 1.8.3.0. Git is 2.6.1, but getting the same error with 2.7.2

Client Machine is Windows 10.

The same configuration works on a Mac. Also with TortoiseGit instead of Sourcetree give the error. So I suspect that Win is causing the problem.

How can I find out, what the real issue is? The error message is not very helpful.

Update:

this is what I get, when I perform a git pull from the command line

C:\0.GIT\project>set GIT_TRACE=1
C:\0.GIT\project>set GIT_CURL_VERBOSE=1

C:\0.GIT\project>git pull
08:48:43.730071 git.c:348               trace: built-in: git 'pull'
08:48:43.734740 run-command.c:343       trace: run_command: 'fetch' '--update-head-ok'
08:48:43.974726 git.c:348               trace: built-in: git 'fetch' '--update-head-ok'
08:48:43.988735 run-command.c:343       trace: run_command: 'git-remote-https' 'origin' 'https://ulrich@server.domain.tld/project.git'
* Couldn't find host server.domain.tld in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 81.xxx.xxx.xxx ...
* Connected to server.domain.tld (81.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
* Closing connection 0
fatal: unable to access 'https://ulrich@server.domain.tld/project.git/': error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
Solution

  • This error message indicates that the server is not supporting state of the art TLS versions, but only SSLv2 or SSLv3.

    Git uses curl which uses OpenSSL which is RFC conform: https://www.rfc-editor.org/rfc/rfc7568 requires to not support SSLv3 (see https://www.openssl.org/news/changelog.html where weak ciphers were disabled by default).