有一台很老服务器,使用的是centos5的系统
由于github升级了openssl,停用了tlsv1.1,git使用的时候就会出现
#git clone https://github.com/esnet/iperf.git
Cloning into iperf...
error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/esnet/iperf.git/info/refs
看看详细信息:
#GIT_CURL_VERBOSE=1 git clone https://github.com/esnet/iperf.git
Cloning into iperf...
* Couldn't find host github.com in the .netrc file; using defaults
* About to connect() to github.com port 443 (#0)
* Trying 13.229.188.59... * Connected to github.com (13.229.188.59) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection #0
* Couldn't find host github.com in the .netrc file; using defaults
* About to connect() to github.com port 443 (#0)
* Trying 13.229.188.59... * Connected to github.com (13.229.188.59) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection #0
error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/esnet/iperf.git/info/refs
fatal: HTTP request failed
搜索了一下,大多都是说git版本太低了,升级了一下git,结果运行了结果还一样。
又测试了一下,发现curl也存在相同的问题。
再找,有人说是openssl的问题,升级之。
看了一个能用的centos系统,openssl是1.0.2,于是下载了1.0.2r版本的
#wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2r.tar.gz
#tar -xf openssl-1.0.2r.tar.gz
#cd openssl-1.0.2r
#./config shared zlib
#make -j3
#make install
需要注意的是由于没有 指定prefix,安装在/usr/local/ssl
#/usr/local/ssl/bin/openssl version
OpenSSL 1.0.2r 26 Feb 2019
新版本已经可以使用,下面将老版本替换,需要将bin和lib都替换,如果还要编译程序,则include也要替换:
mv /usr/bin/openssl /usr/bin/openssl.old
ln -s /usr/local/ssl/bin/openssl /usr/bin
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/ssl/include/openssl /usr/include
cd /lib
mv libssl.so.6 libssl.so.6.old
ln -s /usr/local/ssh/lib/libssl.so libssl.so.6
mv libcrypto.so.6 libcrypto.so.6.old
ln -s /usr/local/ssl/lib/libcrypto.so libcrypto.so.6
测试一下:
#openssl version
OpenSSL 1.0.2r 26 Feb 2019
说明OK。
再运行一下git:
#git clone https://github.com/esnet/iperf.git
Cloning into iperf...
remote: Enumerating objects: 19, done.
remote: Counting objects: 100% (19/19), done.
remote: Compressing objects: 100% (16/16), done.
receiving objects: 28% (2120/7564), 2.46 MiB | 303 KiB/s
可以正常使用了,但是同时引入了新的问题
#ssh localhost
OpenSSL version mismatch. Built against 1000005f, you have 1000212f
ssh不能正常使用了,可以把openssh也升级一下了,这个就简单了。
至此,openssl版本太低的问题解决。