Home > Blockchain >  TLS1.3 error 'Wrong version number' on non-TLS 1.3 Azure repository
TLS1.3 error 'Wrong version number' on non-TLS 1.3 Azure repository

Time:11-17

I'm on the latest version of Git for Windows (2.33.1.windows.1). This particular Azure server does not support TLS 1.3 (according to ssllabs.com). Is there any configuration that can be done client-side to instruct GIT to use TLS 1.2?

Here is the error output:

PS C:\> git clone https://[email protected]/MyOrganization/project1/_git/project1
Cloning into 'project1'...
15:34:54.959787 http.c:781              == Info: Couldn't find host dev.azure.com in the (nil) file; using defaults
15:34:54.991272 http.c:781              == Info:   Trying [ip]:443...
15:34:55.122514 http.c:781              == Info: Connected to dev.azure.com ([ip]) port 443 (#0)
15:34:55.122514 http.c:781              == Info: ALPN, offering h2
15:34:55.122514 http.c:781              == Info: ALPN, offering http/1.1
15:34:55.122514 http.c:781              == Info: successfully set certificate verify locations:
15:34:55.122514 http.c:781              == Info:  CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
15:34:55.122514 http.c:781              == Info:  CApath: none
15:34:55.122514 http.c:781              == Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
15:34:55.161648 http.c:781              == Info: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
15:34:55.161648 http.c:781              == Info: Closing connection 0
fatal: unable to access 'https://dev.azure.com/MyOrganization/project1/_git/project1/': error:1408F10B:SSL routines:ssl3_get_record:wrong version number

CodePudding user response:

This message doesn't mean that the client cannot fall back to TLS 1.2. That should happen automatically. Instead, this message usually means that the message the remote side sent doesn't look like TLS. That could be because you require a proxy of some sort (or are using one and it's failing), or because you have some machine or program (which could be a non-default antivirus or firewall) which prevents the connection from succeeding.

  • Related