diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-07 12:09:34 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-07 12:09:34 +0000 |
commit | 903ccf7c93eb9490c76857bffe744249cc07de09 (patch) | |
tree | 603a3162e91999160e4efc74f351f9405f422d61 /doc/administration/troubleshooting | |
parent | 41cb558299b483b44b45351730ee4c0e9fe4ca2c (diff) | |
download | gitlab-ce-903ccf7c93eb9490c76857bffe744249cc07de09.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/administration/troubleshooting')
-rw-r--r-- | doc/administration/troubleshooting/ssl.md | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/administration/troubleshooting/ssl.md b/doc/administration/troubleshooting/ssl.md index 475b7d44eac..b66b6e8c90a 100644 --- a/doc/administration/troubleshooting/ssl.md +++ b/doc/administration/troubleshooting/ssl.md @@ -137,3 +137,36 @@ To fix this problem: ```shell git config --global http.sslVerify false ``` + +## SSL_connect wrong version number + +A misconfiguration may result in: + +- `gitlab-rails/exceptions_json.log` entries containing: + + ```plaintext + "exception.class":"Excon::Error::Socket","exception.message":"SSL_connect returned=1 errno=0 state=error: wrong version number (OpenSSL::SSL::SSLError)", + "exception.class":"Excon::Error::Socket","exception.message":"SSL_connect returned=1 errno=0 state=error: wrong version number (OpenSSL::SSL::SSLError)", + ``` + +- `gitlab-workhorse/current` containing: + + ```plaintext + http: server gave HTTP response to HTTPS client + http: server gave HTTP response to HTTPS client + ``` + +- `gitlab-rails/sidekiq.log` or `sidekiq/current` containing: + + ```plaintext + message: SSL_connect returned=1 errno=0 state=error: wrong version number (OpenSSL::SSL::SSLError) + message: SSL_connect returned=1 errno=0 state=error: wrong version number (OpenSSL::SSL::SSLError) + ``` + +Some of these errors come from the Excon Ruby gem, and could be generated in circumstances +where GitLab is configured to initiate an HTTPS session to a remote server +that is serving just HTTP. + +One scenario is that you're using [object storage](../high_availability/object_storage.md) +which is not served under HTTPS. GitLab is misconfigured and attempts a TLS handshake, +but the object storage will respond with plain HTTP. |