[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Newbie: SSL and encryption

From: Pekka Niiranen <pekka.niiranen_at_wlanmail.com>
Date: 2005-08-09 21:27:55 CEST

Hi there,

If I only use server side SSL Certificates
when accessing repository without
"SSLVerifyClient require" -directive in httpd.conf,
like this:

<Location /project1>
    DAV svn
    SVNPath /home/www/repositories/project1
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /home/www/htpasswd
    Require valid-user
    SSLRequireSSL
</Location>

will the asked "username/password" -pair be changed encrypted
between the client and the server?

The manual says:

"The Neon library used by the Subversion client
is not only able to verify server certificates,
but can also supply client certificates when challenged.
When the client and server have exchanged SSL certificates
and successfully authenticated one another,
all further communication is encrypted via a session key."

This implies that encryption occurs only when BOTH
server and client provide certificates.

-pekka-

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 10 08:52:33 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.