subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Reser <>
Subject Re: Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers
Date Fri, 11 Apr 2014 23:10:14 GMT
On 4/11/14, 12:52 PM, Nico Kadel-Garcia wrote:
> Do you have a pointer to that? It's a reasonable claim, I'd just not
> seen anything for verifying it or testing against HTTP sites that have
> HTTPS enabled, perhaps even with HTTPS only  accessible behind a
> closed firewall for administrative user

Apache HTTP Server can respond to multiple ports, some of which may be SSL
enabled and some of which that many not.  The same processes are used for
either.  As such even if you only have your Subversion repository running over
HTTP, if you have SSL enabled for some other purpose, your Subversion related
data in memory might be exposed.

View raw message