i just installed new version of gitlab, after new installation ssl is not working... it throws SSL23_GET_SERVER_HELLO:sslv3 alert handshake error. ssh is working fine. only difference i see is in old browser says it is using TLS 1.0 and in new version it says 1.2. Since this is nothing to do with gitlab i posting the problem in stackoverflow...
$ git clone https://gitlabserver/group/project.git
Cloning into 'project'...
* Couldn't find host gitlabserver in the _netrc file; using defaults
* Adding handle: conn: 0x282d6f8
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x282d6f8) send_pipe: 1, recv_pipe: 0
* About to connect() to gitlabserver port 443 (#0)
* Trying gitlabserver...
* Connected to gitlabserver port 443 (#0)
* successfully set certificate verify locations:
* CAfile: c:/Users/lanid/curl-ca-bundle.crt
CApath: none
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection 0
fatal: unable to access 'https://gitlabserver/group/project.git/': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Here is OpenSSL s_client output while testing with TLS 1.0 and SNI:
openssl s_client -connect <hostname>:<port> -tls1 -servername <hostname>
Loading 'screen' into random state - done
CONNECTED(00000208)
8008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.ssls3_pkt.c:1126:SSL alert number 40
8008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.ssls3_pkt.c:547:
Same command for another server with same setup but old version works file...
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
