-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unknown SSL protocol error in connection to github.com:443 #234
Comments
Please try with If you're using Git Bash, then do
and if you're using regular
...and so on. This would make the HTTP[S] client library Git uses be chatty about what it does. |
In the .gitconfig I added connection info: [http] [https] I got this: Developer@BUSHCOMP MINGW64 /d/_git.sandbox Developer@BUSHCOMP MINGW64 /d/_git.sandbox Developer@BUSHCOMP MINGW64 /d/_git.sandbox
< HTTP/1.1 407 Proxy Authentication Required ( Для выполнения запроса компоненту Forefront TMG требуется авторизация. Доступ к фильтру веб-прокси запрещен. )
< HTTP/1.1 407 Proxy Authentication Required ( Для выполнения запроса компоненту Forefront TMG требуется авторизация. Доступ к фильтру веб-прокси запрещен. )
< HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
< HTTP/1.1 407 Proxy Authentication Required ( Для выполнения запроса компоненту Forefront TMG требуется авторизация. Доступ к фильтру веб-прокси запрещен. )
|
When I used version 1.9.5 from here: https://git-scm.com/download/win it worked fine. :((( |
Looks to me as if the proxy talked an SSL protocol that is no longer supported. I remember that one of the older SSL protocols was disabled recently because it poses security concerns. Maybe that's it? |
@dscho, I disagree: it's impossible to proxy TLS connections in the same way as simple HTTP requests because to do this, you'd have to actually MitM them (on a side note -- you might find this amusing to read). Hence the client does not use But I'm afraid the root cause is that the proxy never actually answered 200 OK to the client: no matter what it sent, it kept sending 407 back. Andrey, could you capture and post the same sample session made using 1.9.5? The cipher spec of the client's OpenSSL and the protocol used to connect to the proxy (HTTP/1.1 vs HTTP/1.0) would be of special interest IMO. |
Andrey, one more thing: is this possible to negotiate with your admins to let direct connections to github's 443 for some time? You could then try to factor out the proxy by directly testing whether Git's OpenSSL is able to connect using something like
from your Git Bash ( Or may be in the settings it does to the OpenSSL's context (see my previous comment). On my machine, the above encantation results in
so I'd say it looks good. Testing with various |
OK, tested using
So, my next couple of thoughts:
|
To be convinced of it once again I uninstall it http://git-for-windows.github.io/ and install this https://git-scm.com/download/win again. But now it doesn't work too... It worked for me in earlier monthes (with my proxy settings in .gitconfig file as I wrote above), I don't know why it doesn't work now.... This is my current output for 1.9.5: Developer@BUSHCOMP /d/_git.sandbox
Admin told me he doesn't lock 443 port. Developer@BUSHCOMP /d/_git.sandbox
But it worked earlier without domain name... Ok, I tried such variant: [http] [https] But it didn't help me. I get the same problem. |
Oh... I am inattentive donkey... Yesterday I compared these two connection strings and didn't see a difference. Every 30 days we change our passwords. I changed it for the |
How can I remove this unuseful "issue"? |
Andrey, are you sure you don't want to allow Git use single sign-on for you as I outlined in my previous comment? That would solve your issue once and for all -- that is, |
kostix, how can I use it? Must I download |
Andrey, have you actually read this thread? Git uses TL;DR |
Yes, but my English is bad.
I tried (for Git for Windows 1.9.5) such variants in my proxy = proxy2:8080 |
The Glad it helped. |
No, it doesn't work in Windows Git-2.4.5.1-4th-release-candidate without |
Oh, that's a very interesting discovery indeed! The Hence the "@" character in the proxy spec suggests this way we select empty user and password but require authentication at the proxy server, while absent "@" supposedly means we expect no authentication request from the proxy at all! So that's a valuable information! Regarding your SO question: please don't abuse the bug tracker: this information is entirely irrelevant to this thread. |
Windows 7 x64. Computer are located in a domain of company. Installed Git-2.4.5.1-4th-release-candidate-64-bit.exe. I get an error, when I try to get repository from GitHub:
Developer@BUSHCOMP MINGW64 /d/_git.sandbox
$ git clone https://github.com/progit/progit2-ru.git
Клонирование в «progit2-ru»…
fatal: unable to access 'https://github.com/progit/progit2-ru.git/': Unknown SSL protocol error in connection to github.com:443
How can I solve it?
The text was updated successfully, but these errors were encountered: