ok, I installed 1.3.6, and this looks more promising... I will let you know.... did you change something in this release regarding the ssl?
> Date: Wed, 28 Sep 2011 20:08:18 +0400 > Subject: Re: > From: [email protected] > To: [email protected] > > Hello Sam, > > What version of SVNKit are you using? Could you please try v1.3.6 that > we've just uploaded to the SVNKit web site (http://svnkit.com/). > Thanks! > > > Alexander Kitaev, > TMate Software, > http://svnkit.com/ - Java [Sub]Versioning Library! > http://hg4j.com/ - Java Mercurial Library! > http://sqljet.com/ - Java SQLite Library! > > > On 27 September 2011 22:56, Sam Theman <[email protected]> wrote: > > > > Hello Alexander, > > > > I think I found the issue. Your SVN Kit Class > > > > org.tmatesoft.svn.core.internal.wc.DefaultSVNSSLManager.getSSLContext > > > > is specifically requesting SSLV3... anyway to change this? > > > > Sam > > > > public SSLContext getSSLContext() throws IOException { > > > > 145 > > > > try { > > > > 146 > > > > SSLContext context = SSLContext.getInstance("SSLv3"); > > > > 147 > > > > context.init(getKeyManagers(), new TrustManager[] {new > > X509TrustManager() { > > > > 148 > > > > public X509Certificate[] getAcceptedIssuers() { > > > > 149 > > > > init(); > > > > 150 > > > > return myTrustedCerts; > > > > 151 > > > > } > > > > > Date: Mon, 26 Sep 2011 21:25:54 +0200 > > > Subject: Re: Need information about configuring SSL/HTTPS with SVN Kit... > > > From: [email protected] > > > To: [email protected] > > > > > > Hello, > > > > > > SVNKit relies on JRE SSL support, so I suppose FIPS should be > > > configured on the JRE level. > > > I found a relevant article at > > > http://blogs.oracle.com/xuelei/entry/fips_140_compliant_mode_for > > > > > > Also, I'd recommend to use the latest version of SVNKit from 1.3.x > > > branch or v1.3.6 which is already deployed to our maven repository and > > > will be available at our website tomorrow. > > > > > > Alexander Kitaev, > > > TMate Software, > > > http://svnkit.com/ - Java [Sub]Versioning Library! > > > http://hg4j.com/ - Java Mercurial Library! > > > http://sqljet.com/ - Java SQLite Library! > > > > > > > > > > > > On 26 September 2011 19:39, xray316 <[email protected]> wrote: > > > > > > > > Hello, > > > > > > > > We have an Apache server 2.2.19 and SVN 1.6.5 and SVN Kit > > > > svnkit-1.1.7.4142. > > > > client > > > > > > > > We have implemented FIPS SSL with apache. Our SVN client connects fine > > > > to > > > > the apache/SVN server.... BUT if we change the apache server FIPS mode > > > > on > > > > for SSL, the SVN client cannot conncect -since svn kit does not use ssl > > > > that > > > > is FIPS compliant. > > > > > > > > SVN Kit client tries to use a non-TLS1 protcol, and fails, see below... > > > > > > > > How can we run SVN kit clients with FIPS enabled SSL? > > > > > > > > [Mon Sep 26 11:17:55 2011] [info] mod_ssl/2.2.19 compiled against > > > > Server: > > > > Apache/2.2.19, Library: OpenSSL/0.9.8r-fips > > > > [Mon Sep 26 11:17:55 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 > > > > OpenSSL/0.9.8r-fips DAV/2 SVN/1.6.17 configured -- resuming normal > > > > operations > > > > [Mon Sep 26 11:17:55 2011] [info] Server built: Jun 13 2011 15:16:50 > > > > [Mon Sep 26 11:17:55 2011] [debug] prefork.c(1023): AcceptMutex: sysvsem > > > > (default: sysvsem) > > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] Connection to child 0 > > > > established (server subversion.bart.com:443) > > > > [Mon Sep 26 11:18:03 2011] [info] Seeding PRNG with 136 bytes of entropy > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: > > > > Handshake: start > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: > > > > Loop: > > > > before/accept initialization > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1897): OpenSSL: read > > > > 11/11 bytes from BIO#8530df0 [mem: 8540b00] (BIO dump follows) > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1830): > > > > +-------------------------------------------------------------------------+ > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1869): | 0000: 16 03 > > > > 00 > > > > 00 51 01 00 00-4d 03 ....Q...M. | > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1873): | 0011 - > > > > <SPACES/NULS> > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_io.c(1875): > > > > +-------------------------------------------------------------------------+ > > > > [Mon Sep 26 11:18:03 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: > > > > Exit: > > > > error in SSLv2/v3 read client hello A > > > > [Mon Sep 26 11:18:03 2011] [info] [client 83.63] SSL library error 1 in > > > > handshake (server :443) > > > > [Mon Sep 26 11:18:03 2011] [info] SSL Library Error: 336027945 > > > > error:14076129:SSL routines:SSL23_GET_CLIENT_HELLO:only tls allowed in > > > > fips > > > > mode > > > > > > > > -- > > > > View this message in context: > > > > http://old.nabble.com/Need-information-about-configuring-SSL-HTTPS-with-SVN-Kit...-tp32503957p32503957.html > > > > Sent from the SVNKit - Users mailing list archive at Nabble.com. > > > > > > > > > > > > > > > >
