Cannot pull from bitbucket using https on ubuntu 14.04

sagism August 27, 2020

As of today, git pull is failing:

fatal: unable to access 'https://...@bitbucket.org/.../myproj.git/': gnutls_handshake() failed: Handshake failed

I assume this has to do with removing support for older ciphers.

Question is: how do I fix it?

Hunting around I'm seeing suggestions to upgrade the version of openssl.

I have version 1.0.1f and when I try to upgrade the system tells me that I have the most recent version installed:

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

fatal: unable to access 'https://bitbucket.org/': gnutls_handshake() failed: Handshake failed

% openssl version

1.0.1f 6 Jan 2014

% sudo apt-get update && sudo apt-get install --only-upgrade openssl

...

already at the newest version

% python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"

TLS 1.2

Any idea on how to fix this to regain access to my bitbucket repo?

 

33 answers

1 accepted

48 votes
Answer accepted
Julian Lopez Alcaine August 27, 2020

For all of those that are using Ubuntu 14.04.5 LTS, I fix this with an ugly workaround. The root problem of this seems to be a bug with the libcurl3 version and the TLS 1.2.

The curl version needs to be upgraded and I use the Ubuntu 16 repo (xenial) to update the curl package. These repos were used on /etc/apt/sources.list:

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

After this an:

apt-get update && apt-get install curl

And finally you can check if curl was updated with:

curl -V
curl 7.70.0 (x86_64-unknown-linux-gnu) libcurl/7.70.0 OpenSSL/1.0.1f zlib/1.2.8

To test the connection again (from the git repo):

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

And It works :)

This workaround was used to fix the issue in an old jenkins builder based on Ubuntu 14. The new ones were unaffected by the TLS change.

I hope that this could help anyone.

PS: On my way to find a fix I upgrade git to version 2.28.0 too :)

Lucas Cheles August 27, 2020

Thank you!

Your solution worked here.

And I didn't upgrade my git version. It's still 1.9.1.

Like Julian Lopez Alcaine likes this
ajlashford August 27, 2020

Thanks, this worked for me.

Like Julian Lopez Alcaine likes this
valerio_cupelloni August 27, 2020

Thank you man, it works!

You saved the day! :)

Like Julian Lopez Alcaine likes this
vipinkumar21 August 27, 2020

Thank you man, it's working Ubuntu 16.04.7 LTS

Like Julian Lopez Alcaine likes this
avishnya August 27, 2020

This worked for us!

You saved the day, it happened to us right before the release.

Thank you!

Like Julian Lopez Alcaine likes this
Francesco Baldi August 27, 2020

thanks

Like Julian Lopez Alcaine likes this
antsand2002 August 27, 2020

Thanks.  This worked..

Like Julian Lopez Alcaine likes this
Helio Jesus August 27, 2020

Thanks for the tip.. it worked. 

Like Julian Lopez Alcaine likes this
phirlikar August 27, 2020

Worked like a charm! Thank you

Like Julian Lopez Alcaine likes this
TN August 27, 2020

This is solution fix this issue on ubuntu server 14.04.x

1, Edit file: 

sudo nano  /etc/apt/sources.list

2, Add to file sources.list

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

3, Run command update and update CURL to new version 

apt-get update && apt-get install curl

4, Check version:

curl -V

Response :

curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

 

5, Test connect with bitbucket

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/
Response:


* Closing connection 0
fatal: repository 'https://bitbucket.org/' not found

 

This done.

Thank a lot "Julian Lopez Alcaine". 

Like # people like this
Kelly Chapman August 27, 2020

Thank you so much. This fixed it for me. Was just about to do a production deployment and this popped up. Stressed!

Like Julian Lopez Alcaine likes this
Miquel Pasanau August 28, 2020

Thank you very much!! This was the fix we needed for our git plugin failing on our jenkins running on ubuntu 14.04

Like # people like this
StoyanS August 28, 2020

Thank you!

Today your solution saved my day! Thank you once again!

Like Julian Lopez Alcaine likes this
jbhatt August 29, 2020

Thank you so much!!

Like Julian Lopez Alcaine likes this
eureka7000 August 30, 2020

Thank you very very very much!

Like Julian Lopez Alcaine likes this
il August 31, 2020

worked for me too, thanks a lot!

Like Julian Lopez Alcaine likes this
ajaysukalkar August 31, 2020

thank you..worked for me also on Ubuntu 14.04

Like Julian Lopez Alcaine likes this
Anish kumar Mourya September 1, 2020

sudo apt-get install -y libcurl3 worked for me .

Like # people like this
Martin Ruiz September 1, 2020

Thanks so much!! It only worked with this

Like Julian Lopez Alcaine likes this
yadintiens September 2, 2020

not working for me..

after edit sources.list

apt-get update give me errors

Like Julian Lopez Alcaine likes this
jbhatt September 2, 2020

@yadintiens  don't worry about update error. try now  below command

sudo apt-get install curl
Like # people like this
BenjaminVansteelandt September 3, 2020

This reallt isn't of any help for people who are on shared hosting providers..

Alda Mesa
Banned
September 21, 2020

Worked for me. Thanks! steamdb

Like Julian Lopez Alcaine likes this
Blessing Ajala March 4, 2021

This worked for me too, Thanks!!

Like Julian Lopez Alcaine likes this
6 votes
fabiocberg August 27, 2020

ssh is working.

You will need to do some steps and create a key. 

Here is the tutorial about how to create it: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/

Vladimir Nicolici August 27, 2020

This seems to be the most clean solution for my situation, switching to SSH instead of HTTPS.

I tried upgrading to a more recent Ubuntu first, but a lot of my docker builds starting failing for various reasons.

It's not very easy to do, had to fight with some permission issues, but it wasn't that bad.

Below are the steps I took, to fix my docker image builds, that were running git clone over HTTPS as one of the image build steps in the Dockerfile.

If you don't use Docker, and/or don't build images with Dockerfiles having "git pull" commands in them, only steps 2 to 7 are relevant, you can ignore the rest:

1. Create a clean container based on ubuntu:14.04:

# docker run -it ubuntu:14.04

2. Install git inside the container:

# apt-get -y install git

3. Create a new RSA SSH identity (press enter each time when prompted, do not enter a password):

# ssh-keygen

4. Copy the content of the /root/.ssh/id_rsa.pub file using cat:

# cat /root/.ssh/id_rsa.pub

5. Create a new Key from the Bitbucket web administration UI for the repository, under the Access Keys section, by clicking Add key, setting a descriptive label, and pasting the text copied at the previous step.

6. Return to the terminal inside the container and attempt to clone the repository, using git, you can copy the required command from the Web bitbucket UI, by pressing the clone button on the repository home page, it would be something like:

# git clone git@bitbucket.org:user_name/repository_name.git

7. Accept the authenticity warning for the bitbucket.org host by typing yes and pressing enter at this prompt:

Are you sure you want to continue connecting (yes/no)?

8. Copy the content of the 3 files under the /root/.ssh directory, using cat and copy/pasting the text inside each one, to a directory called "ssh", in the same directory as the Dockerfile used to create images, outside the running container:

These are the files that need to be copied outside from inside the container:

ls -rtl /root/.ssh
total 12
-rw-r--r-- 1 root root 399 Aug 27 15:26 id_rsa.pub
-rw------- 1 root root 1675 Aug 27 15:26 id_rsa
-rw-r--r-- 1 root root 1326 Aug 27 15:29 known_hosts

9. Modify the Dockerfile to copy those files inside the images, by adding the following line before the step running git pull in the Dockerfile:

ADD ssh /root/.ssh

10. If you store the Dockerfile and associated files on git as well, add the following line to the Dockerfile, after the "ADD ssh /root.ssh" line, to set the correct permissions for the id_rsa file, as git doesn't store such permissions, otherwise it will be ignored by SSH:

RUN chmod 600 /root/.ssh/id_rsa

11. Modify the git clone command in the Dockerfile to use SSH instead of HTTPS, similar to step 6:

RUN git clone git@bitbucket.org:user_name/repository_name.git

That would be it. Not the easiest process, but not rocket science either.

sagism August 27, 2020

ssh is not a good option for me since anyone on the target machine will have access to all of my personal repos, (right now each team member uses its own credentials to access this specific repo).

Unless there is a way to provide access only to this particular repo with an ssh key...

Vladimir Nicolici August 27, 2020

@sagism the read only SSH Access Keys can be set at the repository level, not at the user level. You don't need to set a user SSH key.

fabiocberg August 27, 2020

As @Vladimir Nicolici mentioned, update library in an old system can create some problems. That's why I chose to use ssh. But I don't think you can use ssh key per user.

2 votes
Luca Iovio August 27, 2020

Same problem on an old ubuntu server with an old git (1.9.1). Solved moving from https to ssh to clone the repo.

1 vote
Vladimir Nicolici August 27, 2020

Same problem here, getting gnutls_handshake() failed: Handshake failed on pulls.

I was unable to push some changes live because of that. Luckily it wasn't something urgent, but some people may have deadlines, so doing whatever change that caused this without a warning was not cool.

0 votes
umbertoangelini October 7, 2020

if you want recompile

 

mkdir upgrade

cd upgrade

wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

tar xpvfz openssl-1.1.1g.tar.gz

cd openssl-1.1.1g

./Configure 

make ; make install

cd ..

wget https://curl.haxx.se/download/curl-7.72.0.tar.gz

tar xpvfz curl-7.72.0.tar.gz

cd curl.7.72.0

./configure --with-ssl=/usr/local/ssl

make ; make install

cd ..

git clone https://github.com/git/git 

cd git

vi Makefile, change prefix= line to /usr instead of home

make ; make install
0 votes
marveen September 3, 2020

Wena Compadre! mesalvaste. el dia,  aunque tengo claro. que se debe actualizar el SO. 

 

saludos.!! de chile ! 

#apruebo

0 votes
Octavian Susnea August 29, 2020

gnutls_handshake() failed: Handshake failed

Deploys to Netlify broken, when is Bitbucket going to be fixed?

0 votes
Vladimir Nicolici August 27, 2020

Support just told me they "told" us about this in February, in this blog post:

https://bitbucket.org/blog/update-to-supported-cipher-suites-in-bitbucket-cloud

However, I received no email notifications about this, and I don't understand how they thought posting it on a blog was enough. It reminds me of this:

“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

― Douglas Adams, The Hitchhiker's Guide to the Galaxy

0 votes
Mac_cho August 27, 2020

above of solution i tried already, still same problem.

my solution is uprgade to 16.04 from 14.04
PROBLEM SOLVED

0 votes
avishnya August 27, 2020

We are experiencing the same issue here.

Ubuntu 14.04.4

Git 2.28.0

avishnya August 27, 2020

Julian Lopez Alcaine's solution helped us to resolve the issue.

Like Julian Lopez Alcaine likes this
0 votes
Francesco Baldi August 27, 2020

solved updating curl

0 votes
julienfabre August 27, 2020

Same error since last night, my custom CI can no longer make any pulls therefore can't make any new builds therefore i can't release new versions of the software, all this on a deadline of course, what the heck guys not even a heads up??

 

how  do i fix this?

 

Ubuntu 14.04.5 LTS

git 1:1.9.1-1ubuntu0.10

fabiocberg August 27, 2020

Change your remote origin from HTTPS to SSH. SSH is working.

I did it on my projects until they fix HTTPS.

0 votes
Ronan Pagni Bizarro August 27, 2020

Same problem here, using bitbucket pipeline on Cloud.

0 votes
Denis Boyun August 27, 2020

Same error

Ubuntu 14.04.1

git version 2.28.0

0 votes
Varentsov August 27, 2020

Same error
Ubuntu 14.04.6
LTS
git version 1.9.1

0 votes
viveksrai August 27, 2020

Same is working for me after upgrading ubuntu-14.04 to 16.04. I tried every possible ways and spend around 4 hours. But finally working after upgrade to 16.04.

yoni ayalon August 30, 2020

I upgrade to 16.04, same problem

0 votes
valerio_cupelloni August 27, 2020

Same issue here.

Updating git to newer version not seems to solve the problem.

 

Ubuntu 14.04.5 LTS

git version 1.9.1 (now 2.28.0)

0 votes
fabiocberg August 27, 2020

Same problem here. Please, fix it. I have something urgent to do.

0 votes
Ajithkumar R August 27, 2020
GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/ 
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git clone <your repository URL>
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git pull

This is not working for me.could anybody checks this correct or wrong.. this solution gave a bitbucket support team..

0 votes
emirllaneza August 27, 2020

Any update on this.. we are experiencing same issue..

0 votes
ajlashford August 27, 2020

Same problem here.

  • Git version 1.9.1
  • Ubuntu 14.04.6 LTS

I tried the following:

  1. Removing Git and reinstalling
  2. Upgrading to Git version 2.28.0
user@home:~$ git --version
git version 2.28.0

Having done the above, I get the exact same error.

fatal: unable to access 'https://bitbucket.org/*****/*****.git/': gnutls_handshake() failed: Handshake failed

 

Then I tried compiling Git 1.9.1 with OpenSSL:
https://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers

 

When I try and run the debian package after I have compiled it:

$ sudo dpkg -i ../git_1.9.1-1ubuntu0.10_amd64.deb 
Selecting previously unselected package git.
dpkg: warning: files list file for package 'libakonadi-kabc4' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'base-passwd' missing; assuming package has no files currently installed
(Reading database ... 650135 files and directories currently installed.)
Preparing to unpack .../git_1.9.1-1ubuntu0.10_amd64.deb ...
Unpacking git (1:1.9.1-1ubuntu0.10) ...
dpkg: dependency problems prevent configuration of git:
git depends on git-man (<< 1:1.9.1-.); however:
Version of git-man on system is 1:2.28.0-0ppa1~ubuntu14.04.1.

dpkg: error processing package git (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
git

`

Any help appreciated thanks.

0 votes
Anish kumar Mourya August 27, 2020

i have been also facing same issue from couple of hours ago.

0 votes
phirlikar August 27, 2020

Same error.

 

Any update on this?

0 votes
alexandremaeda August 27, 2020

Same problem.


Ubuntu 14.04.3 LTS
git version 1.9.1

0 votes
sagism August 27, 2020

I assume that I need a new version of git which can use the newer ciphers / TLS

I tried to upgrade it:

sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install git

I get:

The following packages have unmet dependencies:

git : Depends: git-man (< 1:2.26.2-.) but 1:2.28.0-0ppa1~ubuntu14.04.1 is to be installed

E: Unable to correct problems, you have held broken packages.

 

When I remove git and git-man I still get the same.

 

I guess this is a separate problem, but seems to get in my way of resolving the original problem

0 votes
matt / 개발1팀 August 27, 2020

same here...

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events