Newbie: SSL and encryption

From: Pekka Niiranen <pekka.niiranen_at_wlanmail.com>
Date: 2005-08-10 08:47:32 CEST

Hi there,

If I only use server side SSL Certificates
when accessing repository without
"SSLVerifyClient require" -directive in httpd.conf,
like this:

<Location /project1>
   DAV svn
   SVNPath /home/www/repositories/project1
   AuthType Basic
   AuthName "Subversion repository"
   AuthUserFile /home/www/htpasswd
   Require valid-user
   SSLRequireSSL
</Location>

will the asked "username/password" -pair be changed encrypted
between the client and the server?

The manual says:

"The Neon library used by the Subversion client
is not only able to verify server certificates,
but can also supply client certificates when challenged.
When the client and server have exchanged SSL certificates
and successfully authenticated one another,
all further communication is encrypted via a session key."

This implies that encryption occurs only when BOTH
server and client provide certificates.

-pekka-

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 10 08:47:13 2005

This message: [ Message body ]
Next message: Ph. Marek: "Re: owner-group-mode [WAS: using 'mv' to replace files, subversion does not detect changes]"
Previous message: G Bit: "Re: Failed to load module for FS type 'fsfs'"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]