Secure connection truncated due to libneon and 1.6.4

We've been trying to fix a strange issue at Beanstalk after migrating
to Rackspace. I want to share the experience as it might help others.

PROBLEM

A small group of users were getting this error upon connecting to svn:

svn: OPTIONS of
'https://myaccount.svn.beanstalkapp.com/myproject/trunk': SSL
negotiation failed: Secure connection truncated
(https://myaccount.svn.beanstalkapp.com)

We found some commonality between them:

* Using Ubuntu 9.04, Fedora 11, Debian 5
* Using SVN 1.5 client or later

It worked with:
* ubuntu 8.04 - subversion 1.4.6

A customer compiled Subversion against serf and it worked for him. He
used libssl 0.9.8 and libserf instead of libneon.

SOLUTION

We have a Cisco load balancer (CSS) and had the ssl traffic decrypted
there instead of doing it on the servers. The problem is that the CSS
can't support TLS 1.1 connections. To fix this, we need to move SSL
back to each server instance.

We tested and this problem did not exist with the server using 1.6.3.
I read that this is to due to supporting only serf in 1.6.4, but I am
not sure. Ideally we would like to still use the CSS. If anyone has a
recommendation it would be greatly appreciated.

Thanks,
Chris Nagele
http://beanstalkapp.com

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2389859

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-01 20:14:49 CEST