[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers

From: Ben Reser <ben_at_reser.org>
Date: Fri, 11 Apr 2014 16:10:14 -0700

On 4/11/14, 12:52 PM, Nico Kadel-Garcia wrote:
> Do you have a pointer to that? It's a reasonable claim, I'd just not
> seen anything for verifying it or testing against HTTP sites that have
> HTTPS enabled, perhaps even with HTTPS only accessible behind a
> closed firewall for administrative user

Apache HTTP Server can respond to multiple ports, some of which may be SSL
enabled and some of which that many not. The same processes are used for
either. As such even if you only have your Subversion repository running over
HTTP, if you have SSL enabled for some other purpose, your Subversion related
data in memory might be exposed.
Received on 2014-04-12 01:11:07 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.