[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn-client stopped working after server disabled SSLv3

From: Mikhail T. <mi+subversion-2014_at_aldan.algebra.com>
Date: Fri, 24 Oct 2014 17:10:03 -0400


We are disabling SSLv3 on our servers to address the POODLE bug in the protocol.

Unfortunately, doing so breaks svn-clients on some of our systems -- most
notably, the RHEL5 boxes:

    svn: OPTIONS of 'https://svn.example.net/svn/foo': SSL negotiation failed:
    Secure connection truncated (https://svn.example.net)

It does not appear to depend on the version of svn -- both 1.6.11 (using neon)
and 1.8.23 (using serf) -- broke on RHEL5. RHEL5 uses OpenSSL-0.9.8e, which
supports TLS. Indeed, Apache using the same OpenSSL libraries on the same box is
able to talk TLSv1 to browsers...

RHEL6 uses the exact same version of svn (1.6.11), but there it links with
GNUTLS instead of OpenSSL -- and continues to work properly whether or not the
server offers SSLv3 or not.

Ideally, I'd like the RedHat-provided svn to start working again. If that's not
possible (soon), I can build our own custom RPM -- but what compile-time options
are needed to overcome this problem? I'd rather not depend on GNUTLS, because we
don't have that package installed at the moment, whereas OpenSSL is omnipresent.

Has anyone else dealt with this issue (successfully)? Please, advice. Thank you!

Received on 2014-10-24 23:22:22 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.