Hello, SVNKit relies on JRE SSL support, so I suppose FIPS should be configured on the JRE level. I found a relevant article at http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for
Also, I'd recommend to use the latest version of SVNKit from 1.3.x branch or v1.3.6 which is already deployed to our maven repository and will be available at our website tomorrow. Alexander Kitaev, TMate Software, http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On 26 September 2011 19:39, xray316 <[email protected]> wrote: > > Hello, > > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit svnkit-1.1.7.4142. > client > > We have implemented FIPS SSL with apache. Our SVN client connects fine to > the apache/SVN server.... BUT if we change the apache server FIPS mode on > for SSL, the SVN client cannot conncect -since svn kit does not use ssl that > is FIPS compliant. > > SVN Kit client tries to use a non-TLS1 protcol, and fails, see below... > > How can we run SVN kit clients with FIPS enabled SSL? > > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against Server: > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal > operations > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50 > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem > (default: sysvsem) > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0 > established (server subversion.bart.com:443) > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: > Handshake: start > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > before/accept initialization > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows) > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830): > +-------------------------------------------------------------------------+ > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00 > 00 51 01 00 00-4d 03 ....Q...M. | > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 - > <SPACES/NULS> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875): > +-------------------------------------------------------------------------+ > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: > error in SSLv2/v3 read client hello A > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in > handshake (server :443) > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945 > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in fips > mode > > -- > View this message in context: > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html > Sent from the SVNKit - Users mailing list archive at Nabble.com. > > >
