mjhjmtu

I am using RedHat 5.2 and I need to clone a repo from Github. Sadly, since February 1st of this year, they disabled TLSv1 and TLSv1.1

Unfortunately, Red Hat 5 does not have a point release that supports TLSv1.2. We advise that users of Red Hat 5 upgrade to a newer version of the operating system.

source here

I was able get the sources of OpenSSL 1.0.2a 19 Mar 2015 and build it, then compile curl-7.58.0 with the newer OpenSSL. I also compiled a newer git with the newer OpenSSL and curl

$ curl --version
curl 7.58.0 (i686-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.0.2a zlib/1.2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
$git --version
git version 2.16.2

I am able to curl Github

# curl -Ivvv -k https://github.com
* Rebuilt URL to: https://github.com/
* Trying 192.30.253.113...
* TCP_NODELAY set
* Connected to github.com (192.30.253.113) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; street=88 Colin P Kelly, Jr Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: Mar 10 00:00:00 2016 GMT
* expire date: May 17 12:00:00 2018 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

But I'm unable to clone from it

$ env GIT_TRACE=2 git clone --verbose https://github.com/torvalds/linux.git
12:02:58.696627 git.c:344 trace: built-in: git 'clone' '--verbose' 'https://github.com/torvalds/linux.git'
Cloning into 'linux'...
12:02:58.697620 run-command.c:627 trace: run_command: 'git-remote-https' 'origin' 'https://github.com/torvalds/linux.git'

I also tried to init a new repo and set the Github link as origin but its not working either.

Am I missing a setting or a flag somewhere?

Thanks

On RHEL 5 I'm using git-1.8.2.3-1.el5 from Epel 5:

# rpm -qi git
Name : git Relocations: (not relocatable)
Version : 1.8.2.3 Vendor: Fedora Project
Release : 1.el5 Build Date: Di 26 Apr 2016 19:30:16 CEST

It seems to require OpenSSL 1:

# ldd /usr/bin/git-remote-https
 libssl.so.10 => /lib/libssl.so.10 (0x00b2a000)
 libcrypto.so.10 => /lib/libcrypto.so.10 (0x00595000)

On my system it is resolved by this:

# rpm -qf /lib/libssl.so.10
openssl1-1.0.1e-57.el5_11

And this one is coming from "tuxad repo":
https://unix.stackexchange.com/a/459187/284960

I have no issues on cloning from github.