How can I clone over ssh from gitlab-runner?

I am in the situation where my gitlab-runner cannot do a git clone because of a gnutls_handshake error. If I try this by hand I get the same behaviour. A manual git clone works without errors.

Is there a way to configure the gitlab-runner to also use the ssh path?

Sounds like you’re having some issues with SSL. Are you using a self-signed cert or anything? What is the exact error you’re seeing?

Why not a try of gnutls-cli -p 443 Any errors printed?

@Mooash, @Frederick888
Thanks for thinking with me!

gnutls-cli -p 443 results in:

Resolving 'Resolving ‘’…
Connecting to ‘’…
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.

I am using a StartSSL certificate, gives me almost full score.

The issue that bites me is If I rebuild git using libcurl4-openssl-dev instead of libcurl4-gnutls-dev I can clone through https.

I am provisioning a VM with Ansible and instead of building git from source I thought it would be easier if I could persuade Gitlab CI to clone over ssh.

Can you post what your cipher suite is? I think if you tweak it a little you’ll get a result you’re expecting. You don’t need to rebuild libcurl, just tweak your suite a little.

My apache2/mods-available/ssl.conf contains:
SSLCipherSuite AES256+EECDH:!aNULL reports these:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)                           
ECDH 256 bits (eq. 3072 bits RSA)

ECDH 256 bits (eq. 3072 bits RSA)

ECDH 256 bits (eq. 3072 bits RSA)

This plus various other settings leads to a 100/95/100/100 score on

Which suite do you think I would need to add?

I would try one of the recommended sipher suites from here.

You should still be able to get a great score on but remember, getting 100% doesn’t matter if nothing works. :smile:

Thanks! I am travelling right now with very little internet access but will try to get this working soon.

The quick fix was to use Ubuntu 15.04 for my gitlab_runner instead of 14.04.

Now I revisited the issue and found that SSLCipherSuite AES256+EECDH:DHE-RSA-AES256-SHA:!aNULL works in my case (and yields the same SSLLabs score).

Thanks again for pointing me in the right direction.