On 04 Feb 2013, at 5:38 PM, Graham Leggett <[email protected]> wrote:

> I finally stumbled on a way to put the certificate in on a per-project basis 
> (highly non-ideal, but I'll take anything that works at this point). Still no 
> joy.
> 
> The error I get is this:
> 
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> 
> The remote host disconnects because of this:
> 
> SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> 
> All of these are deep protocol errors that are just dumped in a logfile; the 
> actual error is discarded or ignored.
> 
> Is there a way to get rid of svnkit entirely? In our case the native svn 
> client works fine; we don't need this second client. It doesn't seem to work 
> properly with digital certificates and/or SNI and has no error handling at 
> all.

I finally got to the bottom of this one.

For reasons not entirely clear, svnkit defaults to using the SSLv3 protocol 
only. No newer protocols are accepted.

SNI is a TLSv1+ feature, and so our svn server is configured to accept TLSv1 as 
a minimum protocol. The svnkit default causes the handshake failure, and 
because the actual error is discarded we don't see the cause.

The workaround is to add the following to the JVM:

 -Dsvnkit.http.sslProtocols=TLSv1

Regards,
Graham
--
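
An added example, not part of the original message and not svnkit code: a ClientHello parser that reports the protocol version a client offers and whether it sends SNI, which is the information the discarded handshake error hid. The sample records are constructed, and the hostname svn.example.org and all function names are assumptions for illustration.

```python
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(version, sni=None):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, no session_id
    body += struct.pack("!HH", 2, 0x002F) + b"\x01\x00"      # one cipher suite, null compression
    if sni is not None:                                      # server_name extension (type 0)
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        data = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(data)) + data
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

def parse_client_hello(record):
    """Return (offered_version, sni_or_None); assumes the hello fits in one record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        version = struct.unpack_from("!H", body, 0)[0]
        pos = 34                                             # skip version + random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]    # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        if pos + 2 > len(body):
            return version, None                             # no extensions block at all
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            if etype == 0:                                   # server_name
                nlen = struct.unpack_from("!H", data, 3)[0]
                return version, data[5:5 + nlen].decode("ascii", "replace")
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return version, None

def diagnose(record, minimum=0x0301):  # default minimum is TLSv1, as on the server described
    version, sni = parse_client_hello(record)
    name = NAMES.get(version, hex(version))
    if version < minimum:
        return f"{name} offered, below server minimum {NAMES.get(minimum, hex(minimum))}: refused"
    return f"{name} offered, SNI={sni}"
```

Feeding it the first handshake record from a packet capture of the failing client shows at a glance whether the client is offering SSLv3 only and whether it names the host it wants.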
