Why Schannel fails to receive handshake from the server? Why Schannel fails to receive handshake from the server? windows windows

Why Schannel fails to receive handshake from the server?


In my case, I changed the .gitconfig from

[http] sslbackend = schannel

to

[http] sslbackend = openssl


I encountered the unable to access 'https://hostname.local/reponame.git/': schannel: failed to receive handshake, SSL/TLS connection failed error when I tried to use a http proxy for a git repo on the local network (which is not accessible through that particular proxy). I resetted the http.proxy setting to an empty string:

git config --global http.proxy ""

(Note that in my case, this was a global level setting, YMMV.)


You should try again, for testing, with the Git for Windows release 2.14.2 (June 21th, 2018), which adds code to force-ignore http.sslCAinfo when the ssl backend is set to schannel (so that the Windows Certificate Store is not ignored).
This is really only relevant when running with cURL v7.60.0 (or later).

See commit c5ad43e:

http: when using Secure Channel, ignore sslCAInfo by default

As of cURL v7.60.0, the Secure Channel backend can use the certificate bundle provided via http.sslCAInfo, but that would override the Windows Certificate Store. Since this is not desirable by default, let's tell Git to not ask cURL to use that bundle by default when the schannel backend was configured via http.sslBackend, unless useSSLCAInfooverrides this behavior.