[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Recent Heartbleed OpenSSL bug may affect HTTPS Subversion servers

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Fri, 11 Apr 2014 22:26:10 -0400

On Fri, Apr 11, 2014 at 7:10 PM, Ben Reser <ben_at_reser.org> wrote:
> On 4/11/14, 12:52 PM, Nico Kadel-Garcia wrote:
>> Do you have a pointer to that? It's a reasonable claim, I'd just not
>> seen anything for verifying it or testing against HTTP sites that have
>> HTTPS enabled, perhaps even with HTTPS only accessible behind a
>> closed firewall for administrative user
>
> Apache HTTP Server can respond to multiple ports, some of which may be SSL
> enabled and some of which that many not. The same processes are used for
> either. As such even if you only have your Subversion repository running over
> HTTP, if you have SSL enabled for some other purpose, your Subversion related
> data in memory might be exposed.
Received on 2014-04-12 04:26:44 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.