git OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version的解决

有一台很老服务器,使用的是centos5的系统

由于github升级了openssl,停用了tlsv1.1,git使用的时候就会出现

#git clone https://github.com/esnet/iperf.git

Cloning into iperf...

error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/esnet/iperf.git/info/refs

看看详细信息:

#GIT_CURL_VERBOSE=1 git clone https://github.com/esnet/iperf.git

Cloning into iperf...

* Couldn't find host github.com in the .netrc file; using defaults

* About to connect() to github.com port 443 (#0)

*  Trying 13.229.188.59... * Connected to github.com (13.229.188.59) port 443 (#0)

* successfully set certificate verify locations:

*  CAfile: none

  CApath: /etc/ssl/certs/

* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

* Closing connection #0

* Couldn't find host github.com in the .netrc file; using defaults

* About to connect() to github.com port 443 (#0)

*  Trying 13.229.188.59... * Connected to github.com (13.229.188.59) port 443 (#0)

* successfully set certificate verify locations:

*  CAfile: none

  CApath: /etc/ssl/certs/

* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

* Closing connection #0

error: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version while accessing https://github.com/esnet/iperf.git/info/refs

fatal: HTTP request failed


搜索了一下,大多都是说git版本太低了,升级了一下git,结果运行了结果还一样。

又测试了一下,发现curl也存在相同的问题。

再找,有人说是openssl的问题,升级之。

看了一个能用的centos系统,openssl是1.0.2,于是下载了1.0.2r版本的

#wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2r.tar.gz

#tar -xf openssl-1.0.2r.tar.gz

#cd openssl-1.0.2r

#./config shared zlib

#make -j3

#make install

需要注意的是由于没有 指定prefix,安装在/usr/local/ssl

#/usr/local/ssl/bin/openssl version

OpenSSL 1.0.2r 26 Feb 2019

新版本已经可以使用,下面将老版本替换,需要将bin和lib都替换,如果还要编译程序,则include也要替换:

mv /usr/bin/openssl /usr/bin/openssl.old

ln -s /usr/local/ssl/bin/openssl /usr/bin

mv /usr/include/openssl /usr/include/openssl.old

ln -s /usr/local/ssl/include/openssl /usr/include

cd /lib

mv libssl.so.6 libssl.so.6.old

ln -s /usr/local/ssh/lib/libssl.so libssl.so.6

mv libcrypto.so.6 libcrypto.so.6.old

ln -s /usr/local/ssl/lib/libcrypto.so libcrypto.so.6

测试一下:

#openssl version

OpenSSL 1.0.2r 26 Feb 2019

说明OK。

再运行一下git:

#git clone https://github.com/esnet/iperf.git

Cloning into iperf...

remote: Enumerating objects: 19, done.

remote: Counting objects: 100% (19/19), done.

remote: Compressing objects: 100% (16/16), done.

receiving objects:  28% (2120/7564), 2.46 MiB | 303 KiB/s   

可以正常使用了,但是同时引入了新的问题

#ssh localhost

OpenSSL version mismatch. Built against 1000005f, you have 1000212f


ssh不能正常使用了,可以把openssh也升级一下了,这个就简单了。

至此,openssl版本太低的问题解决。

你可能感兴趣的:(git OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version的解决)