Hello, We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit svnkit-1.1.7.4142. client
We have implemented FIPS SSL with apache. Our SVN client connects fine to the apache/SVN server.... BUT if we change the apache server FIPS mode on for SSL, the SVN client cannot conncect -since svn kit does not use ssl that is FIPS compliant. SVN Kit client tries to use a non-TLS1 protcol, and fails, see below... How can we run SVN kit clients with FIPS enabled SSL? [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against Server: Apache/2.2.19, Library: OpenSSL/0.9.8r-fips [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal operations [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50 [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem (default: sysvsem) [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0 established (server subversion.bart.com:443) [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows) [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+ [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00 00 51 01 00 00-4d 03 ....Q...M. | [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 - <SPACES/NULS> [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+ [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv2/v3 read client hello A [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in handshake (server :443) [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945 error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in fips mode -- View this message in context: http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html Sent from the SVNKit - Users mailing list archive at Nabble.com.
