search

msysgit / git

msysGit-based Git for Windows 1.x is now superseded by Git for Windows 2.x
http://github.com/git-for-windows/git
Other
1.01k stars 316 forks source link

curl 7.41.0 can't set ciphers #346

Closed Tri125 closed 9 years ago

Tri125 commented 9 years ago

Using Git-1.9.5-preview20150319 (with curl updated to 7.41.0)

I was having trouble connecting to a website due to an handshake error.

I investigated a bit and saw issue #325 . After verifying the behavior between linux and windows, mostly checking which ciphers is used on my target website and which one I could use on windows with git, I discovered that curl couldn't set the ciphers list.

Curl 7.42.0 - April 22 2015 have the following fix in the changelog:

 openssl: use colons properly in the ciphers list

I quickly download a compiled version of 7.42 and replaced curl.exe from Git\Bin and it works, I was able to set the ciphers and connect to the target website.

Reproduction steps

Target: https://www.gitignore.io/

curl -L -v --ciphers AES128 https://www.gitignore.io/api/android
*   Trying 104.28.0.76...
* Connected to www.gitignore.io (104.28.0.76) port 443 (#0)
* failed setting cipher list: AES128
* Closing connection 0
curl: (59) failed setting cipher list: AES128

On linux, the same command succeed and we get the page.

Upgrading curl to 7.42 will fix the issue.

It should also fix #325

dscho commented 9 years ago

Could you please give Git for Windows 2.x' developer preview a whirl?

Tri125 commented 9 years ago

Can not reproduce on v2.4.0.windows.2: Git for Windows 2.4.0 release 2 (Current)

Can not reproduce on v2.3.4.windows.2 either (Curl 7.41.0).

I don't know enough about the Git SDK to be able to build the software and see which version doesn't work, but I'm going to check on that if that's necessary.

dscho commented 9 years ago

Thanks for testing! To focus all efforts on the 1.x -> 2.x switch, I am tempted to leave this 1.x ticket as-is and recommend to switch to 2.x instead. @Tri125 what do you think?

Tri125 commented 9 years ago

I guess that would be preferable. The switch to 2.x will eventually happen and the bug hasn't been encountered by enough users to make it necessary to fix on 1.x.

t-b commented 9 years ago

@Tri125 We can update curl to 7.42.1 if you/or someone files a PR.

Tri125 commented 9 years ago

I'm not even sure anymore if that's entirely the problem, since on v2.3.4 it works (same curl version unless I missed something).

bviktor commented 9 years ago

Here we're experiencing sporadic problems with cURL even without setting ciphers or stuff, just basic downloads. Sometimes it works the first time, sometimes it takes like 3 attempts lol.

OTOH mozilla-build's wget works flawlessly.

dscho commented 9 years ago

Okay, Git for Windows 2.x is out, and I really want to let Git for Windows 1.x enjoy its deserved retirement.