[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Secure connection truncated due to libneon and 1.6.4

From: Chris Nagele <wildbit_at_gmail.com>
Date: Tue, 1 Sep 2009 14:13:02 -0400

We've been trying to fix a strange issue at Beanstalk after migrating
to Rackspace. I want to share the experience as it might help others.

PROBLEM

A small group of users were getting this error upon connecting to svn:

svn: OPTIONS of
'https://myaccount.svn.beanstalkapp.com/myproject/trunk': SSL
negotiation failed: Secure connection truncated
(https://myaccount.svn.beanstalkapp.com)

We found some commonality between them:

* Using Ubuntu 9.04, Fedora 11, Debian 5
* Using SVN 1.5 client or later

It worked with:
* ubuntu 8.04 - subversion 1.4.6

A customer compiled Subversion against serf and it worked for him. He
used libssl 0.9.8 and libserf instead of libneon.

SOLUTION

We have a Cisco load balancer (CSS) and had the ssl traffic decrypted
there instead of doing it on the servers. The problem is that the CSS
can't support TLS 1.1 connections. To fix this, we need to move SSL
back to each server instance.

We tested and this problem did not exist with the server using 1.6.3.
I read that this is to due to supporting only serf in 1.6.4, but I am
not sure. Ideally we would like to still use the CSS. If anyone has a
recommendation it would be greatly appreciated.

Thanks,
Chris Nagele
http://beanstalkapp.com

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2389859

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-01 20:14:49 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.