我刚刚安装了新版本的GitLab,在新安装后,SSL无法使用...它会抛出SSL23_GET_SERVER_HELLO:sslv3警报握手错误。SSH正常工作。唯一的区别是旧浏览器显示使用的是TLS 1.0,而新版本显示使用的是1.2。由于这与GitLab无关,所以我在stackoverflow上发布了这个问题...
$ git clone https://gitlabserver/group/project.git
Cloning into 'project'...
* Couldn't find host gitlabserver in the _netrc file; using defaults
* Adding handle: conn: 0x282d6f8
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x282d6f8) send_pipe: 1, recv_pipe: 0
* About to connect() to gitlabserver port 443 (#0)
* Trying gitlabserver...
* Connected to gitlabserver port 443 (#0)
* successfully set certificate verify locations:
* CAfile: c:/Users/lanid/curl-ca-bundle.crt
CApath: none
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection 0
fatal: unable to access 'https://gitlabserver/group/project.git/': error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
以下是测试 TLS 1.0 和 SNI 时 OpenSSL 的 s_client 输出结果:
openssl s_client -connect <hostname>:<port> -tls1 -servername <hostname>
Loading 'screen' into random state - done
CONNECTED(00000208)
8008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1126:SSL alert number 40
8008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:547:
同样的命令在另一台具有相同设置但旧版本的服务器上工作正常...
OpenSSL 0.9.8zd 8 Jan 2015
)。你能否使用Brew或MacPorts安装一个更新的版本进行测试呢?或者参考OpenSSL的Compilation and Installation,然后使用/usr/local/ssl/bin
目录下的那个版本。 - jww