The 'RPC failed; curl 56 GnuTLS' error occurs during Git operations over HTTPS when there's a TLS/SSL communication failure. This is commonly caused by network issues, large repository transfers, or GnuTLS library problems on Linux systems.
The "RPC failed; curl 56 GnuTLS recv error" message indicates that Git's HTTP transfer failed due to a TLS (Transport Layer Security) communication problem. The error code 56 refers to curl's CURLE_RECV_ERROR, meaning data could not be received from the remote server. Git uses the curl library for HTTPS operations, and on many Linux distributions (particularly Ubuntu and Debian), curl is compiled with GnuTLS rather than OpenSSL for SSL/TLS support. GnuTLS can sometimes be more sensitive to network issues or have compatibility problems with certain server configurations. The specific GnuTLS error code (like -9 for unexpected packet length, -110 for improper termination, or -54 for pull function errors) provides additional context. These errors typically occur during clone, push, pull, or fetch operations, especially with large repositories or over unstable network connections.
The most common fix is to increase Git's HTTP buffer size. By default, Git uses a relatively small buffer which can cause issues with large repositories:
# Increase buffer to 500 MB
git config --global http.postBuffer 524288000
# For very large repositories, try 1 GB
git config --global http.postBuffer 1048576000After setting this, retry your Git operation. Note that this increases memory usage during Git HTTP operations.
If you're cloning a large repository, try a shallow clone to reduce the amount of data transferred:
# Clone with limited history
git clone --depth 1 https://github.com/user/repo.git
# If you need more history later, unshallow
cd repo
git fetch --unshallowThis downloads only the latest commit initially, which is much less data and reduces the chance of TLS errors.
Enable Git's debugging output to get more information about where the failure occurs:
# Set environment variables for verbose output
export GIT_TRACE_PACKET=1
export GIT_TRACE=1
export GIT_CURL_VERBOSE=1
# Now run your git command
git clone https://github.com/user/repo.gitThis will show detailed information about the HTTP/TLS communication and help identify the exact point of failure.
Switching from HTTPS to SSH bypasses GnuTLS entirely and often resolves the issue:
# Clone using SSH instead of HTTPS
git clone [email protected]:user/repo.git
# For existing repositories, change the remote URL
git remote set-url origin [email protected]:user/repo.gitYou'll need to set up SSH keys if you haven't already:
# Generate SSH key (if you don't have one)
ssh-keygen -t ed25519 -C "[email protected]"
# Add key to ssh-agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
# Copy public key to add to GitHub/GitLab
cat ~/.ssh/id_ed25519.pubOlder Git versions may have known GnuTLS-related bugs. Update to the latest version:
# Ubuntu/Debian - add Git PPA for latest version
sudo add-apt-repository ppa:git-core/ppa
sudo apt update
sudo apt install git
# Fedora/RHEL
sudo dnf upgrade git
# macOS
brew upgrade git
# Check version
git --versionIf the issue persists, you can configure Git to use OpenSSL as the SSL backend (if available):
# Check available SSL backends
git config --global --list | grep ssl
# Set OpenSSL as the backend (if installed)
git config --global http.sslBackend opensslIf your system doesn't have OpenSSL support in Git, you may need to reinstall Git with OpenSSL. On Ubuntu:
# Install build dependencies
sudo apt-get install build-essential libcurl4-openssl-dev libexpat1-dev gettext libz-dev libssl-dev
# Download and compile Git with OpenSSL (advanced)
wget https://github.com/git/git/archive/v2.43.0.tar.gz
tar -xzf v2.43.0.tar.gz
cd git-2.43.0
make prefix=/usr/local NO_GNUTLS=1 all
sudo make prefix=/usr/local installNetwork configuration issues can cause TLS failures. Check your network setup:
# Check if proxy is configured
git config --global --get http.proxy
git config --global --get https.proxy
# Temporarily unset proxy to test
git config --global --unset http.proxy
git config --global --unset https.proxy
# If behind corporate proxy, ensure it's configured correctly
git config --global http.proxy http://proxy.company.com:8080If you're on a corporate network with TLS inspection, you may need to add the corporate CA certificate:
# Add corporate CA certificate
git config --global http.sslCAInfo /path/to/corporate-ca.crtAs a last resort for testing, you can temporarily disable SSL verification. Warning: This is insecure and should not be used for production!
# Disable SSL verification temporarily (NOT RECOMMENDED for production)
git config --global http.sslVerify false
# Run your git command
git clone https://github.com/user/repo.git
# Re-enable SSL verification immediately after
git config --global http.sslVerify trueOnly use this to confirm the issue is TLS-related. Never leave SSL verification disabled as it exposes you to man-in-the-middle attacks.
### Understanding GnuTLS Error Codes
Different GnuTLS error codes indicate different problems:
- -9 (unexpected length): Received a TLS packet with unexpected size, often due to connection issues
- -54 (pull function error): Error in the underlying socket read operation
- -110 (improper termination): TLS connection closed abnormally
- -12 (fatal alert): Server sent a TLS fatal alert
### HTTP/2 Server Configuration
If you control the Git server (e.g., self-hosted GitLab), ensure HTTP/2 is properly configured. Some users have reported that disabling HTTP/2 on the server reproduces the error, while enabling it resolves it. In nginx:
server {
listen 443 ssl http2;
# ... rest of config
}### WSL and Windows-Specific Issues
On Windows Subsystem for Linux (WSL), this error can occur due to:
- Network driver issues between WSL and Windows
- Windows Defender or antivirus scanning network traffic
Try these WSL-specific fixes:
# In WSL, use Windows Git for network operations
git config --global credential.helper "/mnt/c/Program\ Files/Git/mingw64/bin/git-credential-manager.exe"### Git Compression Settings
Adjusting compression can sometimes help with transfer issues:
# Disable compression
git config --global core.compression 0
# Or set compression level (0-9, -1 for default)
git config --global core.compression -1### Alternative: Git Protocol Version
Try forcing a specific Git protocol version:
# Use Git protocol version 2
git config --global protocol.version 2
# Or fall back to version 1
git config --global protocol.version 1kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git