I don’t have a Cloudflare account so I can’t check. But is there an option to enable RSA certificates? That may fix OP’s issue.
I don’t think you can enable older ciphers, for free anyway
I’ve got the same error…
[~/public_html/rss]# git pull origin master
error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure while accessing https://tt-rss.org/git/tt-rss.git/info/refs?service=git-upload-pack
fatal: HTTP request failed
I have NO idea what to do…could someone explain what to do or the files to change
Thanks,
Stacey
the tldr version is that software on your server is likely too old (what distro are you running?) and doesn’t support necessary ciphers
my ssl setup for tt-rss.org has been somewhat conservative with disabling older stuff, cloudflare has a different approach
e: in all fairness both my debian jessie (released 2015) and centos 6 (released god knows when, updated to 6.10) can check out from cloudflare just fine. if you’re using something even older and unmaintained, maybe it’s time to finally upgrade, if only for all the vulnerabilities this setup is going to have.
Hi Fox,
Thanks for the quick response.
I’m trying to get my config from my hosting company, for now, is there a work around?
Stacey
Here goes:
; gnutls-cli -v v
gnutls-cli (GnuTLS) 2.12.23
Packaged by Debian (2.12.23-12ubuntu2.8)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Nikos Mavrogiannopoulos.
Hum… Too old?
And I got giggled at for running php 5.ancient
…
I’ll shut up now…
oh yikes!
/20charRRrrrrRrRr
The joys of running Ubuntu⸮… Such up to date systems.
ii libgnutls30:amd64 3.5.18-1ubuntu1
the trick with ubuntu is not running 12.04, forever
So, fun times. Trusty has the same version for git.
ii git 1:1.9.1-1ubuntu0. amd64 fast, scalable, distributed revision control system
depends on
ii libcurl3-gnutls:amd64 7.35.0-1ubuntu2.1 amd64 easy-to-use client-side URL transfer library (GnuTLS
depends on
ii libgnutls26:amd64 2.12.23-12ubuntu2 amd64 GNU TLS library - runtime library
Since I was running Trusty (14.something), that’s not a shock.
Any workarounds? Manually download repository? Hosting company is running Trusty which I don’t have much control over.
can you use ipv6? i thought about making a ipv6 only (AAAA) direct record to git.tt-rss.org since this wouldn’t expose origin ipv4 IP.
Yes, it looks like ipv6 is enabled on the host.
alternatively maybe a better idea would be setting up an automatic mirror somewhere like gitlab; however i’m not sure how friendly those services are to clients with older OSes.
apparently i have a gitlab account
https://gitlab.com/gothfox/tt-rss
someone with a vintage OS check if it works for you
I just tried and got a 403 error. I was able to clone one of my own repos from gitlab to my web host, so in principle it should work.
i poked at project settings a bit and cloning over https works for me now, without authentication.
homepc:Downloads:$ git clone https://gitlab.com/gothfox/tt-rss-android.git
Cloning into 'tt-rss-android'...
remote: Enumerating objects: 21213, done.
remote: Counting objects: 100% (21213/21213), done.
remote: Compressing objects: 100% (4984/4984), done.
^Cceiving objects: 41% (8698/21213), 748.00 KiB | 735.00 KiB/s
homepc:Downloads:$ git clone https://gitlab.com/gothfox/tt-rss.git
Cloning into 'tt-rss'...
remote: Enumerating objects: 65023, done.
remote: Counting objects: 100% (65023/65023), done.
remote: Compressing objects: 100% (24869/24869), done.
^Cceiving objects: 12% (7803/65023), 972.00 KiB | 931.00 KiB/s
Works for me now too, thanks!