2

It seems that Bitbucket has now blocked TLS 1.0 and 1.1.

I am working in Eclipse on Mac OSx 10.12.6 using the MercurialEclipse (hg) 2.2 plugin.

I was receiving SSL handshake errors whenever I tried to pull from the remote Bitbucket repository.

I tried updating the plugin and doing a fresh install, but it still gave the same error.

Then I tried downloading and installing the latest Mercurial package (4.8) from the mercurial web site.

After doing this the error changed to this:

warning: connecting to bitbucket.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info abort: error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:590)

I tried downloading the latest Python, both 3.7.1 and 2.7.15 as I read on Mercurial's site linked in the warning that that it had something to do with Python's OpenSSL implementation, but I still get the same error.

Any suggestions on how I can get Mercurial to work with Bitbucket via TLS 1.2?

Curtis
  • 3,170
  • 7
  • 28
  • 44
  • Check that you can connect via openssh to rule out weird network problems. openssl s_client -connect www.bitbucket.org:443 | grep "Protocol : TLSv". I am having this same issue using mercurial via command line on Linux. – Boos1993 Dec 04 '18 at 17:22
  • TLSv1.1 support was also discontinued, per https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01 . Didn't you see any of the blog posts, tweets, pop-ups, CLI posts, Reddit/HN/Atlassian Community posts, or commentary here? – Jim Redmond Dec 04 '18 at 18:41
  • @Boos1993 get the handshake error when I run that code. – Curtis Dec 04 '18 at 19:45
  • @JimRedmond I saw the pop ups. But I didnt know mercurial was stuck using TLS 1.0. And I didnt realize they also got rid of 1.1 because the pop ups dont show up anymore. – Curtis Dec 04 '18 at 19:45
  • What version of OpenSSL are you running? `openssl version` should answer that for you. – Jim Redmond Dec 04 '18 at 20:07
  • @JimRedmond `OpenSSL 0.9.8zh 14 Jan 2016` – Curtis Dec 04 '18 at 20:21
  • but that would be the Mac one. Doesnt Python 2.7.15 come with its own OpenSSL now? – Curtis Dec 04 '18 at 20:29
  • When I run `python -c "import ssl; print ssl.OPENSSL_VERSION"` I get: `OpenSSL 1.0.2o 27 Mar 2018` – Curtis Dec 05 '18 at 16:31

4 Answers4

1

I was on Mac OS X 10.12 "Sierra". I updated to 10.13 "High Sierra" and it fixed the issue.

Notably... when I run openssl version now, I get: LibreSSL 2.2.7. Where as before on 10.12 I got: OpenSSL 0.9.8zh 14 Jan 2016.

Curtis
  • 3,170
  • 7
  • 28
  • 44
1

I tried the [ui] tls = False

This worked for me, though I do not get why. bitbucket only uses tls 1.2, and this seems like it would turn it off. Does anyone know why this worked? It is just bugging me.

Jim Godawski
  • 11
  • 1
0

As you i had the same issue , i had done the above mentioned solution in my VirtualMachine that solved the problem though, whereas in my realtime server this did not solve. The only option you got left is changes your hgrc file within the repository ie "reponame/.hg/hgrc" and update the default path to "ssh://hg@bitbucket.org/'reponame'" instead of "https:@bitbucket.org/'reponame'" its not a good solution but will work until Bitbucket support team comes up with some solution.

Doing this has solved my issue.

Akhil KC
  • 76
  • 1
  • 8
-1

Just a Suggestion can you create a "hgrc" file and add

[ui] tls = False

and give it a try.

Akhil KC
  • 76
  • 1
  • 8
  • I tried it. It didnt work. I dont know what this is suppose to do, but I assume this would turn off TLS? Because Im pretty sure Bitbucket requires TLS 1.2 – Curtis Dec 05 '18 at 15:47
  • did you create the hgrc file within your home/user location (linux/ubuntu) , or within the local-repository.?? – Akhil KC Dec 06 '18 at 12:29