Newer SSL libraries and TLSv1.2 incompatibilities
From: Garrison, Jim (ETW) <Jim.Garrison_at_nike.com>
Date: Wed, 13 Jun 2012 15:56:19 -0700
Regarding my question in the thread titled "When connecting to an https server force use of TLS or SSLv3?": I asked that before I fully understood the problem, which is actually due to a backwards incompatibility in the newest OpenSSL libraries (1.0.1c) used by Subversion. Essentially, the newest client library can cause older servers to hang when it sends a TLSv1.2 handshake.
The release notes for OpenSSL 1.0.1c contain (changes between 1.0.1 and 1.0.1a):
*) Workarounds for some broken servers that "hang" if a client hello
1. Do not use record version number > TLS 1.0 in initial client
Is there any way, other than completely rebuilding svn locally, to use these workarounds?
This is an archived mail posted to the Subversion Users mailing list.
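Item 1 of the release note quoted in the mail concerns the record-layer version of the first ClientHello, which is a separate field from the client_version carried inside the handshake message. As an added example (not part of the original mail and not OpenSSL or Subversion code), the following Python parses a ClientHello record and reports both fields, flagging a record version above TLS 1.0. The function names are hypothetical and the sample records are constructed, not captured.

```python
import struct

HANDSHAKE, CLIENT_HELLO, TLS1_0 = 22, 1, 0x0301
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(record_version, client_version):
    """Build a minimal ClientHello record (constructed sample data)."""
    body = struct.pack("!H", client_version) + bytes(32)  # client_version + random
    body += b"\x00"                                       # empty session_id
    body += struct.pack("!HH", 2, 0x002F)                 # one cipher suite
    body += b"\x01\x00"                                   # null compression only
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(hs)) + hs

def inspect_client_hello(record):
    """Return (record_version, client_version, record_above_tls10)."""
    if len(record) < 11:
        raise ValueError("truncated record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    if rec_len < 6 or len(record) < 5 + rec_len:
        raise ValueError("record shorter than its length field")
    if record[5] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    # Handshake header is type (1 byte) + length (3 bytes); version follows.
    (hello_ver,) = struct.unpack("!H", record[9:11])
    # The record-layer version is what item 1 of the release note caps at
    # TLS 1.0; the ClientHello body can still offer a higher version.
    return rec_ver, hello_ver, rec_ver > TLS1_0

if __name__ == "__main__":
    for rec_ver in (0x0303, 0x0301):
        r, h, flagged = inspect_client_hello(build_client_hello(rec_ver, 0x0303))
        print(f"record={NAMES[r]} hello={NAMES[h]} record>TLS1.0={flagged}")
```

Run against the first record of a captured handshake, this shows whether a given client build sends the initial hello with a record version above TLS 1.0.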