Updated on 2024-11-11 GMT+08:00

TLS Handshake Fails and the Error Message "ssl handshake failure" Is Displayed

Symptom

Run the following command on the local host to establish a TLS1.0 connection with the specified server and obtain the certificate information:

    openssl s_client -connect test.com:443 -tls1

The following error message is displayed.

    CONNECTED(00000003)
    140155533838224:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
    140155533838224:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : 0000
        Session-ID: 
        Session-ID-ctx: 
        Master-Key: 
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1720443876
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---

Analysis

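CodeArts Repo supports TLS1.2 and TLS1.3. The command in the Symptom section forces TLS1.0 with the -tls1 option, so the server rejects the handshake with a protocol version alert (SSL alert number 70) before sending any certificate.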

Solution

  1. Run the following command on the Git Bash client to check your Git version:

    git --version

  2. If your Git version is earlier than 2.6.0, upgrade it to the latest version. The latest Git supports TLSv1.2 by default. If your Git version is 2.6.0 or later, specify the TLS protocol version:

    openssl s_client -connect test.com:443 -tls1_2
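The following shell functions are an added example, not part of the original page or of CodeArts Repo tooling. They classify `openssl s_client` output such as the Symptom output above and apply the Git 2.6.0 threshold from step 2. The function names and the successful-handshake sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for the failure on this page. Function names are hypothetical.

# Failing sample: error lines and cipher summary from the Symptom output on this page.
PAGE_SAMPLE='CONNECTED(00000003)
140155533838224:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70
140155533838224:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
New, (NONE), Cipher is (NONE)'

# Constructed sample of a successful TLS1.2 handshake summary (not from the page).
OK_SAMPLE='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Protocol  : TLSv1.2'

# Read `openssl s_client` output on stdin and print one verdict.
classify_s_client() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'alert protocol version'; then
        # Server sent alert 70: it refuses the protocol version the client offered.
        echo protocol_version_rejected
    elif printf '%s\n' "$out" | grep -Eq '^New, .*Cipher is' &&
         ! printf '%s\n' "$out" | grep -q 'Cipher is (NONE)'; then
        echo handshake_ok
    else
        echo other_failure
    fi
}

# Succeed (exit 0) when the `git --version` string is older than 2.6.0.
git_older_than_2_6() {
    v=${1#git version }
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 6 ]; }
}

# Demo on the embedded samples (no network access needed).
printf '%s\n' "$PAGE_SAMPLE" | classify_s_client
printf '%s\n' "$OK_SAMPLE" | classify_s_client
for ver in "git version 2.5.4" "git version 2.45.1.windows.1"; do
    if git_older_than_2_6 "$ver"; then
        echo "$ver: earlier than 2.6.0, upgrade Git"
    else
        echo "$ver: 2.6.0 or later"
    fi
done
```

On a live check, redirect stderr into the pipe, because `openssl s_client` writes the error lines there: `openssl s_client -connect test.com:443 -tls1_2 </dev/null 2>&1 | classify_s_client`.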

Table 1 Known incompatible clients

| Client | Description |
| --- | --- |
| Git Credential Manager for Windows < v1.14.0 | TLSv1.2 is not supported. Upgrade the Git client to the latest version. Select to install the Git Credential Manager during the upgrade. |
| Git on Red Hat 5 | TLSv1.2 is not supported. Upgrade to a later version. |
| Git on Red Hat 6 | Upgrade to 6.8 or a later version. |
| Git on Red Hat 7 | Upgrade to 7.2 or a later version. |
| JDK7 | TLSv1.0 is used in JDK 7 by default. Any client, such as Eclipse JGit, running on an earlier version of JDK is affected. This can be resolved by enabling TLSv1.2 in JDK 7. |
| JDK6 or earlier | TLSv1.2 is not supported. Upgrade to a later version. |
| Visual Studio | Visual Studio comes with specific versions of Git for Windows and Git Credential Manager for Windows (GCM). Microsoft has updated the latest version of Visual Studio 2017 to work with the TLSv1.2 Git server. We recommend that Visual Studio users upgrade to the latest version by clicking the in-product notification flag or checking for updates directly from the IDE. Microsoft has provided additional guidance on the Visual Studio developer community support forum. |
| Third-party Git GUIs | If you use a third-party Git client, such as Eclipse, JetBrains, SourceTree, VSCode, Tower, or TortoiseGit, you are advised to download the latest Git Bash and use the native Git instead of the Git built into the tool. |

  • Settings in IDEA

  • Settings in Eclipse