subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <danie...@elego.de>
Subject Re: Newer SSL libraries and TLSv1.2 incompatibilities
Date Fri, 15 Jun 2012 18:39:56 GMT
Philip Martin wrote on Fri, Jun 15, 2012 at 16:32:13 +0100:
> Daniel Shahaf <danielsh@elego.de> writes:
> 
> > Garrison, Jim (ETW) wrote on Thu, Jun 14, 2012 at 10:49:47 -0700:
> >> 
> >> This is going to cause major headaches for a lot of people.  OpenSSL
> >> client versions 1.0.1 and later can and will cause earlier server
> >> versions to hang at CLIENT HELLO.  There are options in the OpenSSL
> >> code to tailor the client behavior to avoid this, but they require
> >> the client applications (i.e. subversion) to support setting these
> >> options. For example
> >> 
> >>     ctx = SSL_CTX_new(...);
> >>     SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
> >> 
> >> What's the possibility of getting an enhancement to subversion to support this
in its server configuration?
> >
> > Haven't read everything, but Subversion does not call SSL_CTX_new() at
> > all; its dependencies, libneon and/or libserf, do.
> 
> Both serf and neon do:
> 
>    SSL_CTX_set_options(ctx, SSL_OP_ALL);
> 
> neon provides ne_ssl_context_set_flag() but it can only be used to
> set/clear SSL_OP_NO_SSLv2.

I assume that's with the latest stable release of each?

Mime
View raw message