Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Cannot pull from bitbucket using https on ubuntu 14.04

As of today, git pull is failing:

fatal: unable to access 'https://...@bitbucket.org/.../myproj.git/': gnutls_handshake() failed: Handshake failed

I assume this has to do with removing support for older ciphers.

Question is: how do I fix it?

Hunting around I'm seeing suggestions to upgrade the version of openssl.

I have version 1.0.1f and when I try to upgrade the system tells me that I have the most recent version installed:

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

fatal: unable to access 'https://bitbucket.org/': gnutls_handshake() failed: Handshake failed

% openssl version

1.0.1f 6 Jan 2014

% sudo apt-get update && sudo apt-get install --only-upgrade openssl

...

already at the newest version

% python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"

TLS 1.2

Any idea on how to fix this to regain access to my bitbucket repo?

 

33 answers

1 accepted

For all of those that are using Ubuntu 14.04.5 LTS, I fix this with an ugly workaround. The root problem of this seems to be a bug with the libcurl3 version and the TLS 1.2.

The curl version needs to be upgraded and I use the Ubuntu 16 repo (xenial) to update the curl package. These repos were used on /etc/apt/sources.list:

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

After this an:

apt-get update && apt-get install curl

And finally you can check if curl was updated with:

curl -V
curl 7.70.0 (x86_64-unknown-linux-gnu) libcurl/7.70.0 OpenSSL/1.0.1f zlib/1.2.8

To test the connection again (from the git repo):

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

And It works :)

This workaround was used to fix the issue in an old jenkins builder based on Ubuntu 14. The new ones were unaffected by the TLS change.

I hope that this could help anyone.

PS: On my way to find a fix I upgrade git to version 2.28.0 too :)

Thank you!

Your solution worked here.

And I didn't upgrade my git version. It's still 1.9.1.

Like Julian Lopez Alcaine likes this

Thanks, this worked for me.

Like Julian Lopez Alcaine likes this

Thank you man, it works!

You saved the day! :)

Like Julian Lopez Alcaine likes this

Thank you man, it's working Ubuntu 16.04.7 LTS

Like Julian Lopez Alcaine likes this

This worked for us!

You saved the day, it happened to us right before the release.

Thank you!

Like Julian Lopez Alcaine likes this
Like Julian Lopez Alcaine likes this

Thanks.  This worked..

Like Julian Lopez Alcaine likes this

Thanks for the tip.. it worked. 

Like Julian Lopez Alcaine likes this

Worked like a charm! Thank you

Like Julian Lopez Alcaine likes this

This is solution fix this issue on ubuntu server 14.04.x

1, Edit file: 

sudo nano  /etc/apt/sources.list

2, Add to file sources.list

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

3, Run command update and update CURL to new version 

apt-get update && apt-get install curl

4, Check version:

curl -V

Response :

curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

 

5, Test connect with bitbucket

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/
Response:


* Closing connection 0
fatal: repository 'https://bitbucket.org/' not found

 

This done.

Thank a lot "Julian Lopez Alcaine". 

Like # people like this

Thank you so much. This fixed it for me. Was just about to do a production deployment and this popped up. Stressed!

Like Julian Lopez Alcaine likes this

Thank you very much!! This was the fix we needed for our git plugin failing on our jenkins running on ubuntu 14.04

Like # people like this

Thank you!

Today your solution saved my day! Thank you once again!

Like Julian Lopez Alcaine likes this

Thank you so much!!

Like Julian Lopez Alcaine likes this

Thank you very very very much!

Like Julian Lopez Alcaine likes this

worked for me too, thanks a lot!

Like Julian Lopez Alcaine likes this

thank you..worked for me also on Ubuntu 14.04

Like Julian Lopez Alcaine likes this

sudo apt-get install -y libcurl3 worked for me .

Like # people like this

Thanks so much!! It only worked with this

Like Julian Lopez Alcaine likes this

not working for me..

after edit sources.list

apt-get update give me errors

Like Julian Lopez Alcaine likes this

@yadintiens  don't worry about update error. try now  below command

sudo apt-get install curl
Like # people like this

This reallt isn't of any help for people who are on shared hosting providers..

Worked for me. Thanks! steamdb

Like Julian Lopez Alcaine likes this

This worked for me too, Thanks!!

Like Julian Lopez Alcaine likes this

ssh is working.

You will need to do some steps and create a key. 

Here is the tutorial about how to create it: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/

This seems to be the most clean solution for my situation, switching to SSH instead of HTTPS.

I tried upgrading to a more recent Ubuntu first, but a lot of my docker builds starting failing for various reasons.

It's not very easy to do, had to fight with some permission issues, but it wasn't that bad.

Below are the steps I took, to fix my docker image builds, that were running git clone over HTTPS as one of the image build steps in the Dockerfile.

If you don't use Docker, and/or don't build images with Dockerfiles having "git pull" commands in them, only steps 2 to 7 are relevant, you can ignore the rest:

1. Create a clean container based on ubuntu:14.04:

# docker run -it ubuntu:14.04

2. Install git inside the container:

# apt-get -y install git

3. Create a new RSA SSH identity (press enter each time when prompted, do not enter a password):

# ssh-keygen

4. Copy the content of the /root/.ssh/id_rsa.pub file using cat:

# cat /root/.ssh/id_rsa.pub

5. Create a new Key from the Bitbucket web administration UI for the repository, under the Access Keys section, by clicking Add key, setting a descriptive label, and pasting the text copied at the previous step.

6. Return to the terminal inside the container and attempt to clone the repository, using git, you can copy the required command from the Web bitbucket UI, by pressing the clone button on the repository home page, it would be something like:

# git clone git@bitbucket.org:user_name/repository_name.git

7. Accept the authenticity warning for the bitbucket.org host by typing yes and pressing enter at this prompt:

Are you sure you want to continue connecting (yes/no)?

8. Copy the content of the 3 files under the /root/.ssh directory, using cat and copy/pasting the text inside each one, to a directory called "ssh", in the same directory as the Dockerfile used to create images, outside the running container:

These are the files that need to be copied outside from inside the container:

ls -rtl /root/.ssh
total 12
-rw-r--r-- 1 root root 399 Aug 27 15:26 id_rsa.pub
-rw------- 1 root root 1675 Aug 27 15:26 id_rsa
-rw-r--r-- 1 root root 1326 Aug 27 15:29 known_hosts

9. Modify the Dockerfile to copy those files inside the images, by adding the following line before the step running git pull in the Dockerfile:

ADD ssh /root/.ssh

10. If you store the Dockerfile and associated files on git as well, add the following line to the Dockerfile, after the "ADD ssh /root.ssh" line, to set the correct permissions for the id_rsa file, as git doesn't store such permissions, otherwise it will be ignored by SSH:

RUN chmod 600 /root/.ssh/id_rsa

11. Modify the git clone command in the Dockerfile to use SSH instead of HTTPS, similar to step 6:

RUN git clone git@bitbucket.org:user_name/repository_name.git

That would be it. Not the easiest process, but not rocket science either.

ssh is not a good option for me since anyone on the target machine will have access to all of my personal repos, (right now each team member uses its own credentials to access this specific repo).

Unless there is a way to provide access only to this particular repo with an ssh key...

@sagism the read only SSH Access Keys can be set at the repository level, not at the user level. You don't need to set a user SSH key.

As @Vladimir Nicolici mentioned, update library in an old system can create some problems. That's why I chose to use ssh. But I don't think you can use ssh key per user.

Same problem on an old ubuntu server with an old git (1.9.1). Solved moving from https to ssh to clone the repo.

Same problem here, getting gnutls_handshake() failed: Handshake failed on pulls.

I was unable to push some changes live because of that. Luckily it wasn't something urgent, but some people may have deadlines, so doing whatever change that caused this without a warning was not cool.

if you want recompile

 

mkdir upgrade

cd upgrade

wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

tar xpvfz openssl-1.1.1g.tar.gz

cd openssl-1.1.1g

./Configure 

make ; make install

cd ..

wget https://curl.haxx.se/download/curl-7.72.0.tar.gz

tar xpvfz curl-7.72.0.tar.gz

cd curl.7.72.0

./configure --with-ssl=/usr/local/ssl

make ; make install

cd ..

git clone https://github.com/git/git 

cd git

vi Makefile, change prefix= line to /usr instead of home

make ; make install

Wena Compadre! mesalvaste. el dia,  aunque tengo claro. que se debe actualizar el SO. 

 

saludos.!! de chile ! 

#apruebo

gnutls_handshake() failed: Handshake failed

Deploys to Netlify broken, when is Bitbucket going to be fixed?

Support just told me they "told" us about this in February, in this blog post:

https://bitbucket.org/blog/update-to-supported-cipher-suites-in-bitbucket-cloud

However, I received no email notifications about this, and I don't understand how they thought posting it on a blog was enough. It reminds me of this:

“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

― Douglas Adams, The Hitchhiker's Guide to the Galaxy

above of solution i tried already, still same problem.

my solution is uprgade to 16.04 from 14.04
PROBLEM SOLVED

We are experiencing the same issue here.

Ubuntu 14.04.4

Git 2.28.0

Julian Lopez Alcaine's solution helped us to resolve the issue.

Like Julian Lopez Alcaine likes this

solved updating curl

Same error since last night, my custom CI can no longer make any pulls therefore can't make any new builds therefore i can't release new versions of the software, all this on a deadline of course, what the heck guys not even a heads up??

 

how  do i fix this?

 

Ubuntu 14.04.5 LTS

git 1:1.9.1-1ubuntu0.10

Change your remote origin from HTTPS to SSH. SSH is working.

I did it on my projects until they fix HTTPS.

Same problem here, using bitbucket pipeline on Cloud.

Same error

Ubuntu 14.04.1

git version 2.28.0

Same error
Ubuntu 14.04.6
LTS
git version 1.9.1

Same is working for me after upgrading ubuntu-14.04 to 16.04. I tried every possible ways and spend around 4 hours. But finally working after upgrade to 16.04.

I upgrade to 16.04, same problem

Same issue here.

Updating git to newer version not seems to solve the problem.

 

Ubuntu 14.04.5 LTS

git version 1.9.1 (now 2.28.0)

Same problem here. Please, fix it. I have something urgent to do.

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/ 
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git clone <your repository URL>
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git pull

This is not working for me.could anybody checks this correct or wrong.. this solution gave a bitbucket support team..

Any update on this.. we are experiencing same issue..

Same problem here.

  • Git version 1.9.1
  • Ubuntu 14.04.6 LTS

I tried the following:

  1. Removing Git and reinstalling
  2. Upgrading to Git version 2.28.0
user@home:~$ git --version
git version 2.28.0

Having done the above, I get the exact same error.

fatal: unable to access 'https://bitbucket.org/*****/*****.git/': gnutls_handshake() failed: Handshake failed

 

Then I tried compiling Git 1.9.1 with OpenSSL:
https://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers

 

When I try and run the debian package after I have compiled it:

$ sudo dpkg -i ../git_1.9.1-1ubuntu0.10_amd64.deb 
Selecting previously unselected package git.
dpkg: warning: files list file for package 'libakonadi-kabc4' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'base-passwd' missing; assuming package has no files currently installed
(Reading database ... 650135 files and directories currently installed.)
Preparing to unpack .../git_1.9.1-1ubuntu0.10_amd64.deb ...
Unpacking git (1:1.9.1-1ubuntu0.10) ...
dpkg: dependency problems prevent configuration of git:
git depends on git-man (<< 1:1.9.1-.); however:
Version of git-man on system is 1:2.28.0-0ppa1~ubuntu14.04.1.

dpkg: error processing package git (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
git

`

Any help appreciated thanks.

i have been also facing same issue from couple of hours ago.

Same error.

 

Any update on this?

Same problem.


Ubuntu 14.04.3 LTS
git version 1.9.1

I assume that I need a new version of git which can use the newer ciphers / TLS

I tried to upgrade it:

sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install git

I get:

The following packages have unmet dependencies:

git : Depends: git-man (< 1:2.26.2-.) but 1:2.28.0-0ppa1~ubuntu14.04.1 is to be installed

E: Unable to correct problems, you have held broken packages.

 

When I remove git and git-man I still get the same.

 

I guess this is a separate problem, but seems to get in my way of resolving the original problem

same here...

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Bitbucket

New improvements to user management in Bitbucket Cloud 👥

Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...

3,927 views 10 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you