Philip Martin wrote on Fri, Jun 15, 2012 at 16:32:13 +0100:
> Daniel Shahaf <danielsh_at_elego.de> writes:
>
> > Garrison, Jim (ETW) wrote on Thu, Jun 14, 2012 at 10:49:47 -0700:
> >>
> >> This is going to cause major headaches for a lot of people. OpenSSL
> >> client versions 1.0.1 and later can and will cause earlier server
> >> versions to hang at CLIENT HELLO. There are options in the OpenSSL
> >> code to tailor the client behavior to avoid this, but they require
> >> the client applications (i.e. subversion) to support setting these
> >> options. For example
> >>
> >> ctx = SSL_CTX_new(...);
> >> SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
> >>
> >> What's the possibility of getting an enhancement to subversion to support this in its server configuration?
> >
> > Haven't read everything, but Subversion does not call SSL_CTX_new() at
> > all; its dependencies, libneon and/or libserf, do.
>
> Both serf and neon do:
>
> SSL_CTX_set_options(ctx, SSL_OP_ALL);
>
> neon provides ne_ssl_context_set_flag() but it can only be used to
> set/clear SSL_OP_NO_SSLv2.
I assume that's with the latest stable release of each?
Received on 2012-06-15 20:40:33 CEST