When trying to clone from a https repository I get the following error:
fatal: unable to access 'https://xxx/': error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
According to this this is caused by a problem in openssl/curl which does not properly handle warning level alerts in SSLv23. On the commandline passing -3 to curl sovles the issue.
How can I tell git to "pass" -3to curl while cloning?
Additional Information
- I use msysgit: git version 1.8.4.msysgit.0
- with OpenSSL 0.9.8e 23 Feb 2007
- Settign http.sslVerify to false does not solve my problem (the connection does not reach this point and bails out before).
- I could reproduce the problem with
curl:
.
$ curl -v https://xxx/
* Adding handle: conn: 0x13dc6e8
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x13dc6e8) send_pipe: 1, recv_pipe: 0
* About to connect() to xxx port 443 (#0)
* Trying 1.2.3.4...
* Connected to xxx (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:\Program Files\Git\bin\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
* Closing connection 0
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
and passing the -3option fixes the issue:
$ curl -v -3 https://xxx/
* ...
* Connected to xxx (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:\Program Files\Git\bin\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
...
Edit
The server is running with OpenSSL 1.0.1e 11 Feb 2013 which points to this
