[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn + SSL?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 19 Dec 2015 10:43:01 +0000

jblist_at_icloud.com wrote on Thu, Dec 17, 2015 at 16:46:12 -0700:
> Setting up Apache for https is a bit heavy and SSH requires the
> existence of local users.

svn+ssh:// requires the existence of *one* local user, which be locked down
with command="svnserve -t",no-x11-forwarding, etc., in authorized_keys(5).

> Has there been any thought to added SSL/TLS to the svn protocol?
>
> Adding TLS doesn't seem like it would be
> that hard and would help when using SASL/LDAP when passing plaintext
> passwords.

It's not clear to me what your concern is, whether it is avoiding
password-based authentication, or achieving full on-the-wire encryption,
or something else.

In any case, I suspect it would be far less work to simply document how
to configure SASL with full on-the-wire encryption and client
certificates.

Or perhaps stunnel, which has its pros and cons (e.g., an SSL
vulnerability won't compromise the svn process).

Cheers,

Daniel
Received on 2015-12-19 11:43:25 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.