RE: Need information about configuring SSL/HTTPS with SVN Kit...

Tue, 27 Sep 2011 11:13:30 -0700 

Thank you Alexander,
I think I was able to drop in the FIPS provider in the java jdk, but now I get 
this error from SVN Kit....:
Sep 27, 2011 2:08:13 PM 
org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger infoFINE: Keep-Alive 
timeout detectedSep 27, 2011 2:08:13 PM 
org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger infoFINE: SSLv3 
SSLContext not availablejava.io.IOException: SSLv3 SSLContext not available     
   at 
org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.getSSLContext(DefaultSVNSSLManager.java:230)
        at 
org.tmatesoft.svn.core.internal.util.SVNSocketFactory.createSSLSocket(SVNSocketFactory.java:84)
        at 
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.connect(HTTPConnection.java:156)
        at 
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:286)
        at 
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:245)
        at 
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:233)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVConnection.doPropfind(DAVConnection.java:97)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getProperties(DAVUtil.java:57)   
     at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getResourceProperties(DAVUtil.java:62)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getStartingProperties(DAVUtil.java:92)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.findStartingProperties(DAVUtil.java:114)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineProperties(DAVUtil.java:199)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVUtil.getBaselineInfo(DAVUtil.java:162)
        at 
org.tmatesoft.svn.core.internal.io.dav.DAVRepository.checkPath(DAVRepository.java:186)

> Date: Mon, 26 Sep 2011 21:25:54 +0200
> Subject: Re: Need information about configuring SSL/HTTPS with SVN Kit...
> From: [email protected]
> To: [email protected]
> 
> Hello,
> 
> SVNKit relies on JRE SSL support, so I suppose FIPS should be
> configured on the JRE level.
> I found a relevant article at
> http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for
> 
> Also, I'd recommend to use the latest version of SVNKit from 1.3.x
> branch or v1.3.6 which is already deployed to our maven repository and
> will be available at our website tomorrow.
> 
> Alexander Kitaev,
> TMate Software,
> http://svnkit.com/ - Java [Sub]Versioning Library!
> http://hg4j.com/ - Java Mercurial Library!
> http://sqljet.com/ - Java SQLite Library!
> 
> 
> 
> On 26 September 2011 19:39, xray316 <[email protected]> wrote:
> >
> > Hello,
> >
> > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit svnkit-1.1.7.4142.
> > client
> >
> > We have implemented FIPS SSL with apache. Our SVN client connects fine to
> > the apache/SVN server.... BUT if we change the apache server FIPS mode on
> > for SSL, the SVN client cannot conncect -since svn kit does not use ssl that
> > is FIPS compliant.
> >
> > SVN Kit client tries to use a non-TLS1 protcol, and fails, see below...
> >
> > How can we run SVN kit clients with FIPS enabled SSL?
> >
> > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against Server:
> > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips
> > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19
> > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal
> > operations
> > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50
> > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem
> > (default: sysvsem)
> > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0
> > established (server subversion.bart.com:443)
> > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL:
> > Handshake: start
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> > before/accept initialization
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read
> > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows)
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830):
> > +-------------------------------------------------------------------------+
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00
> > 00 51 01 00 00-4d 03                    ....Q...M.       |
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 -
> > <SPACES/NULS>
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875):
> > +-------------------------------------------------------------------------+
> > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit:
> > error in SSLv2/v3 read client hello A
> > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in
> > handshake (server :443)
> > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945
> > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in fips
> > mode
> >
> > --
> > View this message in context: 
> > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html
> > Sent from the SVNKit - Users mailing list archive at Nabble.com.
> >
> >
> >
>

Reply via email to