[Solved] SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
i just installed new version of gitlab, after new installation ssl is not working… it throws SSL23_GET_SERVER_HELLO:sslv3 alert handshake error. ssh is working fine. only difference i see is in old browser says it is using TLS 1.0 and in new version it says 1.2. Since this is nothing to do with gitlab i posting the problem in stackoverflow…
$ git clone https://gitlabserver/group/project.git Cloning into 'project'... * Couldn't find host gitlabserver in the _netrc file; using defaults * Adding handle: conn: 0x282d6f8 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x282d6f8) send_pipe: 1, recv_pipe: 0 * About to connect() to gitlabserver port 443 (#0) * Trying gitlabserver... * Connected to gitlabserver port 443 (#0) * successfully set certificate verify locations: * CAfile: c:/Users/lanid/curl-ca-bundle.crt CApath: none * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure * Closing connection 0 fatal: unable to access 'https://gitlabserver/group/project.git/': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Here is OpenSSL
s_client output while testing with TLS 1.0 and SNI:
openssl s_client -connect <hostname>:<port> -tls1 -servername <hostname> Loading 'screen' into random state - done CONNECTED(00000208) 8008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.ssls3_pkt.c:1126:SSL alert number 40 8008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.ssls3_pkt.c:547:
Same command for another server with same setup but old version works file…
If you facing this issue on Git Client.
Then install latest version of Git bash.
I faced the same issue and resolved installing the new Git Client.
Upgrading openssl resolved this issue…
An upgrade of OpenSSL should resolve your issues.
OpenSSL has had some serious vulnerabilities exposed of late. As well, many web servers around the web have tightened up security to block those vulnerable protocols and ciphers.