Hello Sam, What version of SVNKit are you using? Could you please try v1.3.6 that we've just uploaded to the SVNKit web site (http://svnkit.com/). Thanks!
Alexander Kitaev, TMate Software, http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On 27 September 2011 22:56, Sam Theman <[email protected]> wrote: > > Hello Alexander, > > I think I found the issue. Your SVN Kit Class > > org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.getSSLContext > > is specifically requesting SSLV3... anyway to change this? > > Sam > > public SSLContext getSSLContext() throws IOException { > > 145 > > try { > > 146 > > SSLContext context = SSLContext.getInstance("SSLv3"); > > 147 > > context.init(getKeyManagers(), new TrustManager[] {new X509TrustManager() { > > 148 > > public X509Certificate[] getAcceptedIssuers() { > > 149 > > init(); > > 150 > > return myTrustedCerts; > > 151 > > } > > > Date: Mon, 26 Sep 2011 21:25:54 +0200 > > Subject: Re: Need information about configuring SSL/HTTPS with SVN Kit... > > From: [email protected] > > To: [email protected] > > > > Hello, > > > > SVNKit relies on JRE SSL support, so I suppose FIPS should be > > configured on the JRE level. > > I found a relevant article at > > http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for > > > > Also, I'd recommend to use the latest version of SVNKit from 1.3.x > > branch or v1.3.6 which is already deployed to our maven repository and > > will be available at our website tomorrow. > > > > Alexander Kitaev, > > TMate Software, > > http://svnkit.com/ - Java [Sub]Versioning Library! > > http://hg4j.com/ - Java Mercurial Library! > > http://sqljet.com/ - Java SQLite Library! > > > > > > > > On 26 September 2011 19:39, xray316 <[email protected]> wrote: > > > > > > Hello, > > > > > > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit > > > svnkit-1.1.7.4142. > > > client > > > > > > We have implemented FIPS SSL with apache. Our SVN client connects fine to > > > the apache/SVN server.... BUT if we change the apache server FIPS mode on > > > for SSL, the SVN client cannot conncect -since svn kit does not use ssl > > > that > > > is FIPS compliant. > > > > > > SVN Kit client tries to use a non-TLS1 protcol, and fails, see below... > > > > > > How can we run SVN kit clients with FIPS enabled SSL? > > > > > > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against Server: > > > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips > > > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 > > > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal > > > operations > > > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50 > > > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem > > > (default: sysvsem) > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0 > > > established (server subversion.bart.com:443) > > > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: > > > Handshake: start > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: > > > Loop: > > > before/accept initialization > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read > > > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows) > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830): > > > +-------------------------------------------------------------------------+ > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00 > > > 00 51 01 00 00-4d 03 ....Q...M. | > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 - > > > <SPACES/NULS> > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875): > > > +-------------------------------------------------------------------------+ > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: > > > Exit: > > > error in SSLv2/v3 read client hello A > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in > > > handshake (server :443) > > > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945 > > > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in > > > fips > > > mode > > > > > > -- > > > View this message in context: > > > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html > > > Sent from the SVNKit - Users mailing list archive at Nabble.com. > > > > > > > > > > >
