Newer SSL libraries and TLSv1.2 incompatibilities
From: Garrison, Jim (ETW) <Jim.Garrison_at_nike.com>
Date: Wed, 13 Jun 2012 15:56:19 -0700
Regarding my question in the thread titled "When connecting to an https server force use of TLS or SSLv3?".
I asked that before I fully understood the problem, which is actually due to a backwards incompatibility in the newest OpenSSL libraries (1.0.1c) used by Subversion. Essentially, the newest client library can cause older servers to hang when it sends a TLSv1.2 handshake.
The release notes for OpenSSL 1.0.1c contain (changes between 1.0.1 and 1.0.1a):
*) Workarounds for some broken servers that "hang" if a client hello
1. Do not use record version number > TLS 1.0 in initial client
Is there any way, other than completely rebuilding svn locally, to use these workarounds?
This is an archived mail posted to the Subversion Users mailing list.