OpenSSL errno 10054, connection refused when trying to connect to our server

We are running a git server over HTTPS and have no connection issues because we all used Visual Studio to do this. Now someone wants to use standard Git Bash and they cannot connect, with the following error output.

fatal: unable to access 'https://server/Repo.git/': Unknown SSL protocol error in connection to server:443

I tried several different ciphers, nothing worked. Then it occurred to me that maybe git doesn't support ECDSA certificates. So I exchanged the ECDSA certificate for one with RSA. It didn't work either.

Then I tried to connect with OpenSSL s_client using the following command:

OpenSSL> s_client -connect server:443

This is the output of the command:

CONNECTED(0000018C)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I searched Google for the error number 10054 and found that it means the connection was refused. We are using IIS 8.5 to provide an https endpoint for the git server. I can connect to the web environment through all web browsers and we can use the git server through the Visual Studio git interface. So I don't think this is a firewall issue. I would like to know who has experienced this problem before and if they could help us here?

+3




2 answers


Make sure you are using TLS 1.0 or higher. Some servers require TLS 1.2. If you are not sure whether your server supports up to TLS 1.2, take a look at Steffen Ullrich's answer above and try that first.

If that doesn't work, check if SNI is required for the endpoint. If so, this could be a problem. If you invoke the command s_client with the parameter servername set to the name of the server you want to communicate with, this should work.

Basic command example:

s_client -connect example.com:443 -tls1 -servername example.com

The s_client options can be found on the s_client man page.

+8




10054 is not connection refused, but connection reset. This means the TCP connection was successfully established (s_client indicates CONNECTED), but when sending more data from the client to the server, the server closed the connection without reading all the data (and sent a TCP RST back).

While it might be a firewall issue, it might also indicate a problem in the server configuration, i.e. the server accepts the client but cannot continue due to misconfiguration. Such invalid configurations might be missing permissions for the requested data, a certificate without a usable private key, or others. I would suggest you take a closer look at the server logs.

I've also seen TCP RST with servers, load balancers, or firewalls that don't understand the current TLS versions and just close the connection. Browsers work around this problem by transparently retrying with a lower TLS version. You can try whether openssl s_client -ssl3 works against this server and gets you a certificate.

+6
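
An added example, not part of either answer: a Python sketch of the checks the two answers describe, pinning each handshake to one TLS version with and without SNI and separating a refused TCP connect (Winsock 10061) from a reset after connect (Winsock 10054). The names probe and matrix are made up for this example, certificate verification is switched off because only the handshake is being diagnosed, and SSLv3 and TLS 1.0 are left out on the assumption that the local OpenSSL build no longer offers them.

```python
import socket
import ssl
import sys

# TLS 1.0/1.1 and SSLv3 are left out: current OpenSSL builds usually refuse
# to offer them, which would fail locally rather than test the server.
VERSIONS = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def probe(host, port, version, sni=True, timeout=5.0):
    """Attempt one handshake pinned to `version`; report the stage reached."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # diagnosing the handshake, not trust
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:  # Winsock 10061: nothing accepted the SYN
        return "tcp-refused"
    except OSError as exc:
        return f"tcp-error: {exc}"
    try:
        with ctx.wrap_socket(raw, server_hostname=host if sni else None) as tls:
            return f"ok: {tls.version()} {tls.cipher()[0]}"
    except ConnectionResetError:    # Winsock 10054: RST after TCP connect
        return "reset-during-handshake"
    except ssl.SSLError as exc:     # alert or unexpected EOF from the peer
        return f"tls-error: {exc.reason or exc}"
    except OSError as exc:          # timeout and other socket failures
        return f"socket-error: {exc}"
    finally:
        raw.close()                 # no-op once wrap_socket has taken the fd


def matrix(host, port=443):
    """Probe every listed TLS version with and without SNI."""
    return {(v.name, sni): probe(host, port, v, sni)
            for v in VERSIONS for sni in (True, False)}


if __name__ == "__main__" and len(sys.argv) > 1:
    for (ver, sni), result in matrix(sys.argv[1]).items():
        print(f"{ver:8} sni={sni!s:5} {result}")
```

A row that resets only with sni=False points at the SNI requirement from the first answer; resets on every row point at the server or a middlebox, as in the second.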

