svn-client stopped working after server disabled SSLv3

From: Mikhail T. <mi+subversion-2014_at_aldan.algebra.com>
Date: Fri, 24 Oct 2014 17:10:03 -0400

Hello!

We are disabling SSLv3 on our servers to address the POODLE bug in the protocol.

Unfortunately, doing so breaks svn-clients on some of our systems -- most
notably, the RHEL5 boxes:

svn: OPTIONS of 'https://svn.example.net/svn/foo': SSL negotiation failed:
Secure connection truncated (https://svn.example.net)

It does not appear to depend on the version of svn -- both 1.6.11 (using neon)
and 1.8.23 (using serf) -- broke on RHEL5. RHEL5 uses OpenSSL-0.9.8e, which
supports TLS. Indeed, Apache using the same OpenSSL libraries on the same box is
able to talk TLSv1 to browsers...

RHEL6 uses the exact same version of svn (1.6.11), but there it links with
GNUTLS instead of OpenSSL -- and continues to work properly whether or not the
server offers SSLv3 or not.

Ideally, I'd like the RedHat-provided svn to start working again. If that's not
possible (soon), I can build our own custom RPM -- but what compile-time options
are needed to overcome this problem? I'd rather not depend on GNUTLS, because we
don't have that package installed at the moment, whereas OpenSSL is omnipresent.

Has anyone else dealt with this issue (successfully)? Please, advice. Thank you!

-mi
Received on 2014-10-24 23:22:22 CEST

This message: [ Message body ]
Next message: Mohsin: "Re: svn-client stopped working after server disabled SSLv3"
Previous message: Daniel J. Luke: "Re: [MacPorts] #45496: Subversion with JavaHL crashes on Yosemite"
Next in thread: Mohsin: "Re: svn-client stopped working after server disabled SSLv3"
Reply: Mohsin: "Re: svn-client stopped working after server disabled SSLv3"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]