[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: tsvn 1.7.7 and later: client certificates: unsupported algorithm nid

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Mon, 29 Oct 2012 07:51:45 +0100

On 28.10.2012 15:30, vario fox wrote:
> I am sorry, but i'll have to insist :-) I don't believe a
> misconfiguration / trust issue to be the problem.
> It works in the following scenarios: - many recent versions of
> Internet Explorer - many recent versions of Firefox - all versions of
> tortoise svn up to 1.7.6 - cygwin-based svn, Version 1.7.7
> (r1393599) All on at least 10 different computers, some with the
> same, some with other client certificates.
> It does not work with versions of tortoise svn above 1.7.6 on two
> different machines using two different client certificates, neither
> in the GUI nor in the command line mode.

"SSL handshake failed: SSL error: unsupported algorithm nid"
That indicates that your server or a proxy in between uses an
unsupported algorithm.
TSVN always uses the latest OpenSSL version with the default build
options. And recent versions of OpenSSL made some changes, including:
* deactivating insecure algorithms (those that have been "broken" lately
or are considered not secure anymore)
* strengthen cert verification, e.g. certs in the chain that worked
before might not work anymore since they're not secure enough

That's all I can tell you.
I only compile OpenSSL and the svn lib, I don't know the code that does
the whole authentication.
Maybe you can get more help on the svn users list or an openssl list.


   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-10-29 07:51:56 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.