[Solved] SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

i just installed new version of gitlab, after new installation ssl is not working… it throws SSL23_GET_SERVER_HELLO:sslv3 alert handshake error. ssh is working fine. only difference i see is in old browser says it is using TLS 1.0 and in new version it says 1.2. Since this is nothing to do with gitlab i posting the problem in stackoverflow…

$ git clone https://gitlabserver/group/project.git
Cloning into 'project'...
* Couldn't find host gitlabserver in the _netrc file; using defaults
* Adding handle: conn: 0x282d6f8
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x282d6f8) send_pipe: 1, recv_pipe: 0
* About to connect() to gitlabserver port 443 (#0)
*   Trying gitlabserver...
* Connected to gitlabserver port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: c:/Users/lanid/curl-ca-bundle.crt
  CApath: none
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

* Closing connection 0
fatal: unable to access 'https://gitlabserver/group/project.git/': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Here is OpenSSL s_client output while testing with TLS 1.0 and SNI:

openssl s_client -connect <hostname>:<port> -tls1 -servername <hostname>

Loading 'screen' into random state - done
CONNECTED(00000208)
8008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.ssls3_pkt.c:1126:SSL alert number 40
8008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.ssls3_pkt.c:547:

Same command for another server with same setup but old version works file…

Solution #1:

If you facing this issue on Git Client.

Then install latest version of Git bash.

I faced the same issue and resolved installing the new Git Client.

Solution #2:

Upgrading openssl resolved this issue…

Respondent: maestromani

Solution #3:

An upgrade of OpenSSL should resolve your issues.

OpenSSL has had some serious vulnerabilities exposed of late. As well, many web servers around the web have tightened up security to block those vulnerable protocols and ciphers.

Respondent: propMaster

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .

Leave a Reply

Your email address will not be published.