subversion-users mailing list archives

From "Garrison, Jim (ETW)" <>
Subject When connecting to an https server force use of TLS or SSLv3?
Date Thu, 07 Jun 2012 21:19:20 GMT
When svn attempts to connect to an https URL, the underlying protocol
library (openssl?) attempts to start the secure protocol negotiation at
the most basic level, plain SSL.

Unfortunately, I have to connect to a server that requires SSL3 or
TLS1, and refuses to respond to SSL or SSL2.

I've done some troubleshooting using s_client and confirmed that if I
let s_client start with the default protocol, the server never responds:

    $ openssl s_client -connect
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 320 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE

Watching this in Wireshark I see:

    Client                Server
        ---CLIENT HELLO----->
          [60 second pause]

If I tell s_client to use ssl2 the server immediately closes the
connection. Only ssl3 and tls1 work.

Is there any way to tell subversion to tell the underlying ssl
libraries to skip SSL and SSL2, and start the negotiation with TLS or
SSL3?  I've looked for an OpenSSL config file, but that seems to
control only certificate generation.

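The per-protocol s_client check described in the message, as an added example that is not part of the original post: it classifies an s_client transcript using the summary lines quoted above and repeats the attempt once per protocol flag. The function names, the `PROBE_WAIT` variable and the use of GNU `timeout` are assumptions of this example, and the local openssl build must still accept the flags passed.

```shell
# Added example (not from the original message): classify what an
# `openssl s_client` attempt did, using the summary lines quoted in the message.

# classify_handshake: read an s_client transcript on stdin and print
#   negotiated   a cipher was agreed ("Cipher is <name>")
#   no-response  the handshake summary reports 0 bytes read from the server
#   failed       anything else (server answered without a cipher, or no summary)
classify_handshake() (
    transcript=$(cat)
    read_bytes=$(printf '%s\n' "$transcript" |
        sed -n 's/.*SSL handshake has read \([0-9][0-9]*\) bytes.*/\1/p' |
        head -n 1)
    if printf '%s\n' "$transcript" | grep -Eq 'Cipher is [^(]'; then
        echo negotiated
    elif [ "$read_bytes" = 0 ]; then
        echo no-response
    else
        echo failed
    fi
)

# probe_protocols HOST:PORT [FLAG...]: try the default hello, then one attempt
# per protocol flag (default flags: the two the message reports as working).
# Assumptions: GNU `timeout` is installed and the local openssl build accepts
# the flags passed (many current builds have dropped -ssl2 and -ssl3).
probe_protocols() (
    target=$1; shift
    [ "$#" -gt 0 ] || set -- -ssl3 -tls1
    for flag in "" "$@"; do
        status=0
        # $flag is left unquoted so the empty "default" case adds no argument.
        transcript=$(timeout "${PROBE_WAIT:-15}" openssl s_client \
            -connect "$target" $flag </dev/null 2>&1) || status=$?
        if [ "$status" -eq 124 ]; then
            result=no-response      # timeout ended a stalled handshake
        else
            result=$(printf '%s\n' "$transcript" | classify_handshake)
        fi
        printf '%-8s %s\n' "${flag:-default}" "$result"
    done
)
```

Run as `probe_protocols HOST:PORT` against the server in question; a `default no-response` line next to `negotiated` for a pinned protocol reproduces the stall seen in the Wireshark capture.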