Setting allowed SSL cipher suite in svn client

From: <Jason.C.Burns_at_wellsfargo.com>
Date: Thu, 30 Jul 2009 17:14:12 -0500

I've a quick question - is anyone aware of the ability to change what cipher
suite the svn client will try to negotiate with when connecting to an apache
DAV module?

I am running svn 1.5.5 on the server with Apache 2.2.8 with SSL enabled on a
RHEL 4 machine. Using a default cipher suite list in
/etc/opt/CollabNet_Subversion/conf/extra/httpd-ssl.conf works just fine. My
client on an HP-UX machine with version:

bash-3.2$ svn --version
svn, version 1.6.3 (r38063)
compiled Jul 6 2009, 15:10:14

Works fine as well.

Changing the cipher suite on the apache side to anything extremely paranoid
(or extremely insecure for that matter) results in:

svn: OPTIONS of 'https://<host>:<port>/<repopath>': SSL negotiation failed:
SSL error: sslv3 alert handshake failure (https:// <host>:<port>)

I can only imagine the client is not able to negotiate against the list
provided by the server. Looking at the config and servers file, I see
nothing to set the cipher list.

Any ideas (perhaps there is a neon config file that handles the creation of
the SSL context for https?) or should I file this as an enhancement request?

I am not currently subscribed to this list. Thanks!

Jason

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2377159

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].

application/x-pkcs7-signature attachment: smime.p7s

Received on 2009-07-31 00:15:52 CEST

This message: [ Message body ]
Next message: Reagan Penner: "does the start-commit hook contain the ability to block a svn client < a certain version"
Previous message: Michael Diers: "Re: [FDA] approval"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]