Git proxy error: LibreSSL SSL_connect: SSL_ERROR_SYSCALL

At the moment this error occurs for me in combination with zscaler:

g clone https://github.com/privatenumber/instant-mocha.git
Cloning into 'instant-mocha'...
fatal: unable to access 'https://github.com/privatenumber/instant-mocha.git/': LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to gateway.zscaler.net:80

Git config has the following zscaler entries:

[http]
	proxy = https://gateway.zscaler.net:80/
	sslCAInfo = /Users/XXXXX/.zcli/zscaler_root.pem

Removing it, rebooting, disable zscaler, etc. does not fix my issue.

At this moment i am unable to use git.

I can connect to github via ssl:

openssl s_client -connect github.com:443 -msg
CONNECTED(00000005)
>>> TLS 1.2 Handshake [length 00bf], ClientHello
    XXX
<<< TLS 1.2 Handshake [length 0059], ServerHello
    XXX
<<< TLS 1.2 Handshake [length 0dc4], Certificate
    XXX
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscloud.net), emailAddress = support@zscaler.com
verify error:num=20:unable to get local issuer certificate
verify return:0
<<< TLS 1.2 Handshake [length 014d], ServerKeyExchange
    XXX
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
   XXX
>>> TLS 1.2 Handshake [length 0046], ClientKeyExchange
    XXX
>>> TLS 1.2 ChangeCipherSpec [length 0001]
    XXX
>>> TLS 1.2 Handshake [length 0010], Finished
    XXX
<<< TLS 1.2 ChangeCipherSpec [length 0001]
    XXX
<<< TLS 1.2 Handshake [length 0010], Finished
    XXX
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
   i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscloud.net) (t)
 1 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscloud.net) (t)
   i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscloud.net)/emailAddress=support@zscaler.com
 2 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscloud.net)/emailAddress=support@zscaler.com
   i:/C=US/ST=California/L=San Jose/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Root CA/emailAddress=support@zscaler.com
---
Server certificate
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
issuer=/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscloud.net) (t)
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4021 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: F72C72758C1C6ECD0EC469A54A709ADC22C21C7D9555B3E79915644AEFA1725B
    Session-ID-ctx:
    Master-Key: 96497534352717D6184F2E1687BA746003F80C0A050EB0C7CBBE71EF9DE2E497AF31376CE056D32C6D28EB0E14629791
    Start Time: 1640252593
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Hello Guwan,

did you check Adding Custom Certificate to an Application Specific Trusted Store | Zscaler?

BR
Manuel

1 Like