From: Loganaden Velvindron <logan@hackers.mu>
To: Junio C Hamano <gitster@pobox.com>
Cc: Daniel Stenberg <daniel@haxx.se>, git@vger.kernel.org
Subject: Re: [PATCH v2] Allow use of TLS 1.3
Date: Sat, 24 Mar 2018 11:52:57 +0400 [thread overview]
Message-ID: <CAFDEUTf_KCn7Sqs+O8JJfBXo_+QfvAmiT2uzmM_ROWfXUdF0Sg@mail.gmail.com> (raw)
In-Reply-To: <xmqqtvt6h2ic.fsf@gitster-ct.c.googlers.com>
On Sat, Mar 24, 2018 at 2:04 AM, Junio C Hamano <gitster@pobox.com> wrote:
> Daniel Stenberg <daniel@haxx.se> writes:
>
>> On Fri, 23 Mar 2018, Loganaden Velvindron wrote:
>>
>>> +#ifdef CURL_SSLVERSION_TLSv1_3
>>> + { "tlsv1.3", CURL_SSLVERSION_TLSv1_3 }
>>> +#endif
>>
>> Unfortunately, CURL_SSLVERSION_TLSv1_3 is an enum so this construct
>> won't work.
>>
>> Also, let me just point out that 7.52.0 is 0x073400 in hex and not the
>> one used for the first version of this patch.
>
It's working with tls 1.3:
ldd for curl (showing linking to openssl 1.1.1 pre2 preview):
ldd /usr/local/bin/curl
linux-vdso.so.1 (0x00007ffd30599000)
libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f5a81845000)
libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007f5a815b5000)
libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007f5a810dd000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f5a80ec6000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f5a80ca7000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f5a808f2000)
libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x00007f5a806cd000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007f5a804c9000)
/lib/ld-linux-x86-64.so.2 (0x00007f5a81ce5000)
handshake failure against a tls 1.2 server:
GIT_SSL_VERSION=tlsv1.3 ./git clone https://github.com/shuque/pydig
Cloning into 'pydig'...
warning: templates not found /usr/local/share/git-core/templates
fatal: unable to access 'https://github.com/shuque/pydig/':
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
failure
With a local server running nginx using only tls 1.3 (had to disable
ssl verification due to self-signed cert):
GIT_SSL_NO_VERIFY=true GIT_SSL_VERSION=tlsv1.2 ./git clone
https://192.168.1.214/git_test
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
Now with TLS 1.3, it works:
GIT_SSL_NO_VERIFY=true GIT_SSL_VERSION=tlsv1.3 ./git clone
https://192.168.1.214/git_test
> Thanks!
next prev parent reply other threads:[~2018-03-24 7:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-23 19:34 [PATCH v2] Allow use of TLS 1.3 Loganaden Velvindron
2018-03-23 21:47 ` Daniel Stenberg
2018-03-23 22:04 ` Junio C Hamano
2018-03-24 7:52 ` Loganaden Velvindron [this message]
2018-03-24 4:21 ` Loganaden Velvindron
2018-03-24 4:31 ` Loganaden Velvindron
2018-03-24 5:43 ` Loganaden Velvindron
2018-03-23 21:55 ` Junio C Hamano
2018-03-23 22:28 ` Ævar Arnfjörð Bjarmason
2018-03-24 4:23 ` Loganaden Velvindron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFDEUTf_KCn7Sqs+O8JJfBXo_+QfvAmiT2uzmM_ROWfXUdF0Sg@mail.gmail.com \
--to=logan@hackers.mu \
--cc=daniel@haxx.se \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).