When I’m trying to pull from our git server I get this error:
fatal: unable to access ‘xxx’: OpenSSL SSL_connect: SSL_ERROR_SYSCALL
in connection to xxx
When this happened before I was able to solve it by simply restoring the system but this time my system restore points got deleted for some reason, and I can’t do that either.
So this happens because something in my system settings related to SSL changes and I don’t know why.
I have tried installing git to use windows cert. store instead of OpenSSL and I got this error:
fatal: unable to access ‘xxx’: schannel: failed to receive handshake,
SSL/TLS connection failed
Same problem, different error message. The server is not sending back a hello message after the client hello. I thought this might happen because none of the cipher suites that I’m sending the server in the client hello message are supported by the server. So I’ve tried configuring a group policy and put the cipher suite the server is using first in order. But it didn’t make any difference.
I am able to connect the git server’s site through the browser. So my question is, what can I do to solve this problem?
asked Sep 28, 2017 at 15:15
Selman GençSelman Genç
99.8k13 gold badges118 silver badges183 bronze badges
1
In my case, I changed the .gitconfig from
[http] sslbackend = schannel
to
[http] sslbackend = openssl
Suraj Rao
29.3k11 gold badges94 silver badges103 bronze badges
answered Jan 15, 2019 at 15:04
1
I encountered the unable to access 'https://hostname.local/reponame.git/': schannel: failed to receive handshake, SSL/TLS connection failed error when I tried to use a http proxy for a git repo on the local network (which is not accessible through that particular proxy). I resetted the http.proxy setting to an empty string:
git config --global http.proxy ""
(Note that in my case, this was a global level setting, YMMV.)
answered May 5, 2020 at 12:42
Attila CsipakAttila Csipak
9072 gold badges12 silver badges34 bronze badges
1
For me it seems to be related to some questionable software that came preinstalled on my device. Whether using OpenSSL or schannel, I was getting these intermittent issues with my Killer wireless network adapter when the prioritization engine was turned on. When I disabled it, all the problems disappeared, and other network operations seemed faster in general as well.
Killer Prioritization Engine
If you have this software on Windows, you can disable it by typing «Killer» in the start menu and launching «Killer Intelligence Center». On version 3.1222.726.1, you should see an option in Quick Settings on the right of the dashboard called «Prioritization Engine». Switch it off and test your git operations again. I’m not yet sure what happens if I simply uninstall this software.
answered Dec 6, 2022 at 5:45
3
You should try again, for testing, with the Git for Windows release 2.14.2 (June 21th, 2018), which adds code to force-ignore http.sslCAinfo when the ssl backend is set to schannel (so that the Windows Certificate Store is not ignored).
This is really only relevant when running with cURL v7.60.0 (or later).
See commit c5ad43e:
http: when using Secure Channel, ignoresslCAInfoby defaultAs of cURL v7.60.0, the Secure Channel backend can use the certificate bundle provided via
http.sslCAInfo, but that would override the Windows Certificate Store. Since this is not desirable by default, let’s tell Git to not ask cURL to use that bundle by default when theschannelbackend was configured viahttp.sslBackend, unlessuseSSLCAInfo
overrides this behavior.
torek
442k57 gold badges627 silver badges757 bronze badges
answered Jun 21, 2018 at 19:54
VonCVonC
1.2m523 gold badges4358 silver badges5180 bronze badges
1
If you’re facing this issue in Visual Studio:
Open git settings and set the «Cryptographic network provider» to «OpenSSL«
Here’s an example
answered Dec 21, 2022 at 14:20
I had the same issue (windows 10) and a reboot fixed the issue.
answered Nov 11, 2019 at 11:24
TheLogicManTheLogicMan
3714 silver badges12 bronze badges
I my case I had this issue when using a local proxy (in my case px) to access the www (like github.com) but also using the same setup for our company github-site (git.example.org). I thought that this site would be also in the www, but it turned out that actually it was going trough a NAT-IP (internal). Therefore I had to exclude the internal IP address from my local proxy. Then it worked.
answered May 18, 2020 at 4:17
LeonLeon
3566 silver badges10 bronze badges
I was facing the same issue and then i tried setting url of repository where i needed to push,,, you just need to set the origin to gitHub repo use the following code
git remote set-url origin <URL of Your Repo>
answered Sep 29, 2022 at 15:57
One «weak» solution is to set GIT_SSL_NO_VERIFY:
export GIT_SSL_NO_VERIFY=true
Or on Windows, set the environment variable, either in the system or on the command line if using a command-line version of Git:
set GIT_SSL_NO_VERIFY=true
It will simply do what it says…
answered Oct 2, 2017 at 21:32
1
In my case the NO_PROXY variable was not properly configured.
answered Jan 29, 2018 at 13:22
Mr_TMr_T
1931 silver badge6 bronze badges
In my case — same issue in jenkins job — I had the wrong user credentials provided.
answered Mar 5, 2018 at 8:57
papanitopapanito
2,2762 gold badges31 silver badges57 bronze badges
I have solution in my errors case.You can use command :
git push orgin destination_branch
answered Apr 27, 2019 at 17:36
1
When I’m trying to pull from our git server I get this error:
fatal: unable to access ‘xxx’: OpenSSL SSL_connect: SSL_ERROR_SYSCALL
in connection to xxx
When this happened before I was able to solve it by simply restoring the system but this time my system restore points got deleted for some reason, and I can’t do that either.
So this happens because something in my system settings related to SSL changes and I don’t know why.
I have tried installing git to use windows cert. store instead of OpenSSL and I got this error:
fatal: unable to access ‘xxx’: schannel: failed to receive handshake,
SSL/TLS connection failed
Same problem, different error message. The server is not sending back a hello message after the client hello. I thought this might happen because none of the cipher suites that I’m sending the server in the client hello message are supported by the server. So I’ve tried configuring a group policy and put the cipher suite the server is using first in order. But it didn’t make any difference.
I am able to connect the git server’s site through the browser. So my question is, what can I do to solve this problem?
asked Sep 28, 2017 at 15:15
Selman GençSelman Genç
99.8k13 gold badges118 silver badges183 bronze badges
1
In my case, I changed the .gitconfig from
[http] sslbackend = schannel
to
[http] sslbackend = openssl
Suraj Rao
29.3k11 gold badges94 silver badges103 bronze badges
answered Jan 15, 2019 at 15:04
1
I encountered the unable to access 'https://hostname.local/reponame.git/': schannel: failed to receive handshake, SSL/TLS connection failed error when I tried to use a http proxy for a git repo on the local network (which is not accessible through that particular proxy). I resetted the http.proxy setting to an empty string:
git config --global http.proxy ""
(Note that in my case, this was a global level setting, YMMV.)
answered May 5, 2020 at 12:42
Attila CsipakAttila Csipak
9072 gold badges12 silver badges34 bronze badges
1
For me it seems to be related to some questionable software that came preinstalled on my device. Whether using OpenSSL or schannel, I was getting these intermittent issues with my Killer wireless network adapter when the prioritization engine was turned on. When I disabled it, all the problems disappeared, and other network operations seemed faster in general as well.
Killer Prioritization Engine
If you have this software on Windows, you can disable it by typing «Killer» in the start menu and launching «Killer Intelligence Center». On version 3.1222.726.1, you should see an option in Quick Settings on the right of the dashboard called «Prioritization Engine». Switch it off and test your git operations again. I’m not yet sure what happens if I simply uninstall this software.
answered Dec 6, 2022 at 5:45
3
You should try again, for testing, with the Git for Windows release 2.14.2 (June 21th, 2018), which adds code to force-ignore http.sslCAinfo when the ssl backend is set to schannel (so that the Windows Certificate Store is not ignored).
This is really only relevant when running with cURL v7.60.0 (or later).
See commit c5ad43e:
http: when using Secure Channel, ignoresslCAInfoby defaultAs of cURL v7.60.0, the Secure Channel backend can use the certificate bundle provided via
http.sslCAInfo, but that would override the Windows Certificate Store. Since this is not desirable by default, let’s tell Git to not ask cURL to use that bundle by default when theschannelbackend was configured viahttp.sslBackend, unlessuseSSLCAInfo
overrides this behavior.
torek
442k57 gold badges627 silver badges757 bronze badges
answered Jun 21, 2018 at 19:54
VonCVonC
1.2m523 gold badges4358 silver badges5180 bronze badges
1
If you’re facing this issue in Visual Studio:
Open git settings and set the «Cryptographic network provider» to «OpenSSL«
Here’s an example
answered Dec 21, 2022 at 14:20
I had the same issue (windows 10) and a reboot fixed the issue.
answered Nov 11, 2019 at 11:24
TheLogicManTheLogicMan
3714 silver badges12 bronze badges
I my case I had this issue when using a local proxy (in my case px) to access the www (like github.com) but also using the same setup for our company github-site (git.example.org). I thought that this site would be also in the www, but it turned out that actually it was going trough a NAT-IP (internal). Therefore I had to exclude the internal IP address from my local proxy. Then it worked.
answered May 18, 2020 at 4:17
LeonLeon
3566 silver badges10 bronze badges
I was facing the same issue and then i tried setting url of repository where i needed to push,,, you just need to set the origin to gitHub repo use the following code
git remote set-url origin <URL of Your Repo>
answered Sep 29, 2022 at 15:57
One «weak» solution is to set GIT_SSL_NO_VERIFY:
export GIT_SSL_NO_VERIFY=true
Or on Windows, set the environment variable, either in the system or on the command line if using a command-line version of Git:
set GIT_SSL_NO_VERIFY=true
It will simply do what it says…
answered Oct 2, 2017 at 21:32
1
In my case the NO_PROXY variable was not properly configured.
answered Jan 29, 2018 at 13:22
Mr_TMr_T
1931 silver badge6 bronze badges
In my case — same issue in jenkins job — I had the wrong user credentials provided.
answered Mar 5, 2018 at 8:57
papanitopapanito
2,2762 gold badges31 silver badges57 bronze badges
I have solution in my errors case.You can use command :
git push orgin destination_branch
answered Apr 27, 2019 at 17:36
1
Platform Notice: Cloud Only — This article only applies to Atlassian products on the cloud platform.
Summary
The KB discusses an error «schannel: failed to receive handshake, SSL/TLS connection failed» that occurs while using Git’s clone, pull, push, and fetch commands locally.
Full error message:
10:34:44.724660 http.c:774 == Info: Connected to bitbucket.org (<ip>) port 443 (#0)
10:34:45.139844 http.c:774 == Info: schannel: failed to receive handshake, SSL/TLS connection failed
10:34:45.139844 http.c:774 == Info: Closing connection 0
10:34:45.139844 http.c:774 == Info: schannel: shutting down SSL/TLS connection with bitbucket.org port 443
10:34:45.140838 http.c:774 == Info: Send failure: Connection was reset
10:34:45.140838 http.c:774 == Info: schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
fatal: unable to access 'https://bitbucket.org/<workspace>/<repo>.git/': schannel: failed to receive handshake, SSL/TLS connection failedDiagnosis
- Try connecting to a different network, such as a VPN or a mobile hotspot, and check if the error persists. This will help determine if the error is related to your local network.
- Check if you have a proxy configured in your network and temporarily disable it to see if it’s causing the error. A misconfigured proxy can sometimes interfere with Git’s ability to verify SSL certificates, resulting in an error message.
Cause
The error message «schannel: failed to receive handshake, SSL/TLS connection failed» usually occurs when there is an issue with the SSL/TLS handshake process between the client and server during a secure connection establishment.
The SSL/TLS handshake is a process that establishes a secure connection between a client and a server over a network. During the handshake process, the client and server exchange cryptographic keys, agree on a common cipher suite, and authenticate each other’s identity.
There are several reasons why the handshake process may fail, leading to the error message you are seeing, but the main reasons this can happen is because:
-
Firewall or network issues: If a firewall or network issue prevents the client and server from establishing a secure connection, the handshake may fail.
-
Client-side issues (proxy): If there is an issue with the client’s SSL/TLS implementation or configuration, the handshake may fail.
Solution
If the steps suggested in the diagnosis resolved the issue, then the issue is most likely with your local network. Please get in touch with your network team to identify if any recent changes can cause the SSL/TLS handshake to fail.
Symptoms
On a Windows 7 machine, Acronis Cyber Files Cloud fails to establish connection, with the following error:
RequestError: (35, ‘schannel: failed to receive handshake, SSL/TLS connection failed’)
Cause
This issue is related to disabling TLS 1.0 protocol due to security concerns during deployment of Acronis Cyber Cloud 7.9. Since TLS 1.0 was disabled but TLS 1.2 was not enabled by default on Windows 7, the machine cannot connect to datacenter.
Solution
Enable TLS 1.2 protocol on Windows 7 machine:
1) Open Windows Registry (Start -> Run -> regedit)
2) Create the following registry keys:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
«DisabledByDefault»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
«DisabledByDefault»=dword:00000000
More information
Starting with January 2020, Microsoft, Apple, Google and Mozilla are planning to disable TLS1.1 by default. While Acronis Cyber Files Cloud supports connections over TLS1.1, we recommend to enable TLS1.2 right away, as described in the Solution section.
If you still need to enable TLS1.1, create the following registry keys.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client]
«DisabledByDefault»=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server]
«DisabledByDefault»=dword:00000000
See also How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll on MS Support site
The problem
I keep getting «fatal: unable to access ‘https://github.com/${user}/${repo}.git/’: schannel: failed to receive handshake, SSL/TLS connection failed» while trying to push my code to a remote repo.
This error is completely random, and the app will sometimes push to Github while still displaying it, and other times it will not.
Other times, I’ll have to restart the app, and it’ll work fine the first time, but then throw the error again in subsequent commits.
Release version
Version 3.0.0 (x64)
Operating system
Windows 10
Steps to reproduce the behavior
- Create a local repository
- Push to Github
Log files
2022-06-08.desktop.production.log
Screenshots
no reponse
Additional context
no reponse