Bitbacket shutdown TLS v1.0 & v1.1. Our Jenkins fails because of old Git:
git --version
git version 1.8.2.3
+ GIT_CURL_VERBOSE=1
+ git ls-remote https://bitbucket.org/
* Couldn't find host bitbucket.org in the .netrc file, using defaults
* About to connect() to bitbucket.org port 443
* Trying 18.205.93.1... * connected
* Connected to bitbucket.org (18.205.93.1) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Unknown SSL protocol error in connection to bitbucket.org:443
I checked out Git release notes:
git clone --depth=1 https://github.com/git/git
and found nothing about TLS v1.2 support:
cd git/Documentation/RelNotes
grep TLS
What should I tell sysadmin which version of Git is minimum that supports TLS v1.2?
NOTE We are not on the hot in our infrastructure, please don't say anything about updating to yesterday release...
NOTE 2 I can miss Git internals and other OS libraries can affect TLS v1.2 support.
答案 0 :(得分:2)
为了执行HTTP和HTTPS,Git使用了一个名为libcurl的库。该库又与提供TLS的某些库链接,该库通常为OpenSSL,GnuTLS或NSS,具体取决于您的操作系统。在Linux上找出与Git链接的对象之一的最简单方法是运行direction={{ top:false, right:true, bottom:false, left:false, topRight:false, bottomRight:false, bottomLeft:false, topLeft:false }}
。
如果输出中包含“ libgnutls”,则说明您正在使用GnuTLS,并且需要GnuTLS 2.12.24或更高版本才能获得TLS 1.2的适当支持。
如果输出包含“ libnss”,则说明您正在使用NSS,并且需要NSS 3.15.1。
如果输出中包含“ libssl”的内容,而没有其他内容,则说明您使用的是OpenSSL,并且需要OpenSSL 1.0.1。
请注意,某些供应商会向后移植补丁程序,或者需要升级其libcurl版本才能正确启用TLS 1.2,因此,这可能并不完全正确,具体取决于您的供应商。
请注意,您可能正在为RHEL和CentOS 5使用Git的EPEL版本。如果是这样,请注意那些操作系统完全不支持TLS 1.2,并且将不会获得任何支持。
>答案 1 :(得分:1)
I found promising information on Github migration guilde:
Git on Red Hat 5, < 6.8, and < 7.2
Red Hat 5, 6, and 7 shipped with Git clients that did not support TLSv1.2. This can be addressed by updating to versions 6.8 and 7.2 (or greater) respectively. Unfortunately, Red Hat 5 does not have a point release that supports TLSv1.2. We advise that users of Red Hat 5 upgrade to a newer version of the operating system.
That doesn't answer my question: what is necessary from Git to be able to work with TLS v1.2. Which version, libc, other libraries version...
答案 2 :(得分:0)
作为对问题的间接答案,this post建议调用以下CLI命令来了解您的计算机使用的TLS版本:
nmap --script ssl-enum-ciphers -p 443 example.com