2

I'm trying to set up a Ruby on Rails application (OpenProject) on a windows server with IIS. I've got the new Helicon Zoo v4 (https://github.com/helicontech/zoo) up and running so far with Ruby 2.3 and the basic Ruby template installed. When I go to run the install script for OpenProject:

bundle install --deployment --without postgres sqlite development test therubyracer docker

I get an unknown protocol error with Git, while it tries to clone from GitHub. 

bundle install --deployment --without postgres development test therubyracer 
docker Fetching gem metadata from https://rubygems.org/...... 
Fetching version metadata from https://rubygems.org/.. 
Fetching dependency metadata from https://rubygems.org/. 
Fetching https://github.com/carrierwaveuploader/carrierwave 
fatal: unable to access 'https://github.com/carrierwaveuploader/carrierwave/': 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I thought for sure this would be easy to fix, like specifying to use TLS instead of SSLv3, but I've yet to find anything relevant for Git for windows, via command line. I'm still looking, but I thought I'd ask if anyone has ideas?

EDIT: Turning on the trace and verbose curl messages spit out a better error:

bundle install --deployment --without postgres development test therubyracer docker
Fetching gem metadata from https://rubygems.org/......
Fetching version metadata from https://rubygems.org/..
Fetching dependency metadata from https://rubygems.org/.
Fetching https://github.com/carrierwaveuploader/carrierwave
    * Couldn't find host github.com in the _netrc file; using defaults
    * timeout on name lookup is not supported
    *   Trying 192.30.253.113...
    * TCP_NODELAY set
    * Connected to github.com (192.30.253.113) port 443 (#0)
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: C:/Git/mingw64/ssl/certs/ca-bundle.crt   CApath: none
    * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    * Curl_http_done: called premature == 1
    * stopped the pause stream!
    * Closing connection 0 fatal: unable to access 'https://github.com/carrierwaveuploader/carrierwave/': error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Added Git/usr/bin folder to path, I can look at curl from the ruby web console:

D:\inetpub\wwwroot\openproject>where curl
C:\Git\usr\bin\curl.exe

D:\inetpub\wwwroot\openproject>curl --version
curl 7.51.0 (x86_64-pc-msys) libcurl/7.51.0 OpenSSL/1.0.2j zlib/1.2.11 libssh2/1.7.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: Debug IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink

Trying to set the protocol for git with: git config --global http.sslVersion sslv3

* Couldn't find host github.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 192.30.253.112...
* TCP_NODELAY set
* Connected to github.com (192.30.253.112) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
fatal: unable to access 'https://github.com/carrierwaveuploader/carrierwave/': error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Nathaniel Roark
  • 197
  • 1
  • 10
  • Heya - just so it's easier for us to copy/paste to do our own searching... can you copy/paste that terminal output into your original question? (note: don't put it in comments as formatting is truly dreadful) thanks :) – Taryn East Feb 02 '17 at 03:44

2 Answers2

1

I documented here all the reasons for "protocol unknown".

An routines:SSL23_GET_SERVER_HELLO:unknown protocol error is a redirection issue.
Check your proxy settings is you have one.

If everything fails... try and switch to ssh

git config url."git@github.com/".insteadOf https://github.com/

Couldn't find host github.com in the _netrc file; using defaults
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

It looks like you are using an old openSSL.

Make sure to:

  • uncompress the very latest Git for Windows (2.11.1 released today: PortableGit-2.11.1-64-bit.7z.exe: an auto-extractible archive)

  • set your PATH as:

    set PATH=C:\path\to\Git\bin;C:\path\to\Git\usr\bin;%PATH%

(setting Git first in your PATH)

And make sure to specify:

git config --global http.sslVersion sslv3

Then try again.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I'm not behind a proxy. I was thinking git for windows is using an older SSL protocol, but maybe it's simply a generic error message. I tried the config change but it complained that it's not in a git directory: fatal: not in a git directory – Nathaniel Roark Feb 03 '17 at 18:15
  • I'm going to try some of your recommendations from the other post. – Nathaniel Roark Feb 03 '17 at 18:18
  • @user7503764 What version of Git are you using? – VonC Feb 03 '17 at 19:36
  • So I did recently update Git to 2.10.0.3, but decided to update to this newest one because there were so many changes. Git was already in my PATH as the first directory too. I decided to add the usr\bin folder to path as you suggested. I went into the git bash window to check openssl and it's 1.0.2j Still receiving the same error. – Nathaniel Roark Feb 03 '17 at 20:32
  • @user7503764 Maybe it is a `curl` issue then (https://curl.haxx.se/docs/manpage.html). What does return `where curl`? – VonC Feb 03 '17 at 20:45
  • @user7503764 And `curl --version`? – VonC Feb 03 '17 at 20:50
  • I added the output from those commands. Also, I've since been trying to clone the same repo from my laptop, using git with gitextensions and get a similar protocol error trying to clone via https. I wonder if github desktop is the only way to get the repo in windows with https. – Nathaniel Roark Feb 03 '17 at 21:41
  • @user7503764 Can you try again after `git config --global http.sslVersion sslv3`? If that does not work, try with one of the other protocols listed at the end of http://stackoverflow.com/a/20492254/6309 – VonC Feb 03 '17 at 22:02
  • So sslv3 gives a handshake failure. sslv2 was not supported and all tls versions give the unknown protocol error. – Nathaniel Roark Feb 03 '17 at 23:03
  • @user7503764 does `curl --sslv3 https://github.com/carrierwaveuploader/carrierwave` work at least (or `curl -v3`)? Other than that, I would suspect Ruby itself. And read again http://blog.techstacks.com/2010/03/3-common-causes-of-unknown-ssl-protocol-errors-with-curl.html – VonC Feb 03 '17 at 23:26
  • I've asked one of our server engineers for help and he has mentioned we do in fact have an automatic proxy. I found this blog and will try the proxy settings: http://jacobbenson.com/?p=302#sthash.vwevqvYq.dpbs – Nathaniel Roark Feb 06 '17 at 18:03
1

Thanks to VonC for the troubleshooting tips! One of our server engineers looked at his answer and confirmed we do have an automatic proxy that I wasn't aware of. I was able to solve this using a mix of answers.

Collected from this answer I opened a windows command prompt and entered:

ping wpad

We just happened to have the common setup, so this confirmed the server exists. Then I retrieved the wpad file from the browser (details in the linked answer) and reviewed it to find the proxy. We have different servers per site, so I had to look for my location and specific proxy server.

From here, back in the Helicon Zoo web console, I set the proxy settings for Git with this command from another of VonC's answers:

git config --global http.proxy http://proxyserver:port

Replacing proxyserver and port with the actuals. Finally, I was able to clone from github.

Community
  • 1
  • 1
Nathaniel Roark
  • 197
  • 1
  • 10