Newbie: SSL and encryption

From: Pekka Niiranen <pekka.niiranen_at_wlanmail.com>
Date: 2005-08-09 21:27:55 CEST

Hi there,

If I only use server side SSL Certificates
when accessing repository without
"SSLVerifyClient require" -directive in httpd.conf,
like this:

<Location /project1>
    DAV svn
    SVNPath /home/www/repositories/project1
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /home/www/htpasswd
    Require valid-user
    SSLRequireSSL
</Location>

will the asked "username/password" -pair be changed encrypted
between the client and the server?

The manual says:

"The Neon library used by the Subversion client
is not only able to verify server certificates,
but can also supply client certificates when challenged.
When the client and server have exchanged SSL certificates
and successfully authenticated one another,
all further communication is encrypted via a session key."

This implies that encryption occurs only when BOTH
server and client provide certificates.

-pekka-

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 10 08:52:33 2005

This message: [ Message body ]
Next message: Guilhem BONNEFILLE: "SVN administrative tool"
Previous message: Ph. Marek: "Re: owner-group-mode [WAS: using 'mv' to replace files, subversion does not detect changes]"
Next in thread: Miha Vitorovic: "Re: Newbie: SSL and encryption"
Reply: Miha Vitorovic: "Re: Newbie: SSL and encryption"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]