Search code examples
gitconfigurationwindows-subsystem-for-linux

git fatal error: Unsupported SSL backend 'schannel'

Note, this question was meant for Using Git Bash under WSL under Windows for the MS TFS Git server, and I am still not clear what environment the top voted answer is under, so I'm still keeping my chosen answer as the answer.

Trying to access git-bash prepared git repo with canonical git, and I'm getting:

$ git pull
fatal: Unsupported SSL backend 'schannel'. Supported SSL backends:
        gnutls

Following Using Git Bash under WSL, I've done git config http.sslBackend openssl:

$ git config http.sslBackend 
openssl

$ git config --global http.sslBackend
openssl

Following tip from reddit, I've done:

sudo apt install -y gnutls-bin

# and here are my installed packages:
ii gnutls-bin  amd64 GNU TLS library - commandline utilities
ii libcurl3-gnutls:amd64  amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libgnutls-dane0:amd64  amd64 GNU TLS library - DANE security support
ii libgnutls30:amd64  amd64 GNU TLS library - main runtime library

What else I'm missing?

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster

Run within Windows WSL.

PS. After all above tweaking, git-bash can still pull this git repo just fine, so I guess the SSL backend 'schannel' is configured somewhere else in this repo.

PPS. Found that it has nothing to do with "git-bash prepared git repo", as even cloning a fresh one will give me the exact same error.

Here is my git config --show-origin -l output, let me know if I need to include more:

$ git config --show-origin -l | grep -E 'ssl|http'
file:/home/me/.gitconfig        http.sslbackend=openssl
file:.git/config        http.sslverify=false
file:.git/config        http.sslbackend=openssl
file:.git/config        http.emptyauth=true
file:.git/config        remote.origin.url=http://xxx:8080/tfs/DefaultCollection/xxx
file:.git/config        lfs.http://xxx:8080/tfs/DefaultCollection/xxx/info/lfs.access=ntlm
Solution

  • In general, the http.sslBackend option is only usable on Windows. Most Linux distros don't offer it as an option, since they don't compile with multiple TLS libraries.

    The proper solution is to remove all of the http.sslBackend options:

    $ git config --unset-all http.sslBackend

    If you must use OpenSSL for some reason, you'll need to compile with it yourself. Most Linux distros are legally prohibited from distributing Git linked to OpenSSL under the GPLv2, so they typically don't do that.