I agree. I dug a bit deeper on this and here is my analysis result and suggestion:
1. I understand SVN & TortoiseSVN work with P12-formatted certificates only.
2. This format is supported by OpenSSL only if the "legacy" provider is activated. Easy to prove that reproducibly on Linux: install openssl 3.x, and without activating the legacy provider it won't support P12 (aka PFX) certificates. The "legacy" provider needs to be activated in openssl.cnf.
3. I understand TortoiseSVN's usage of OpenSSL isn't configurable. So there should be an option to switch on the legacy crypto providers OR it should be made configurable. I think there needs to be a config call with the legacy provider enabled during startup of openssl.

I am not very familiar with the TortoiseSVN code - so it would be fantastic if somebody knowledgeable would give it a try.

Best regards,
Andreas

[email protected] wrote on Saturday, 23 April 2022 at 21:42:30 UTC+2:

> On Saturday, 23 April 2022 at 18:22:14 UTC+2, [email protected] wrote:
>
>> I wonder whether it would be feasible to return to OpenSSL 1.1.0 for
>> Tortoise SVN. 1.1.1 doesn't work with >= TLS 1.2 and client certificates.
>> Using client certificates seems to be a great security advantage, if an SVN
>> server is exposed to the internet.
>>
>> Anybody has thoughts on this?
>>
>
> Moving back to a version last updated in September 2019 (eol 2019-09-11)
> seems like a risky choice security-wise. But you may be able to compile it
> yourself.
>
> I don't know what the situation would be if updating to OpenSSL 3.0 but
> that seems to be a better way forward.
>
> Daniel
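
The openssl.cnf change that point 2 of the message refers to, for a system-wide OpenSSL 3.x such as the Linux reproduction mentioned there. This is an added example, not part of the original thread and not TortoiseSVN's own configuration. The section names (`openssl_init`, `provider_sect`, `default_sect`, `legacy_sect`) are arbitrary labels chosen here.

```ini
# openssl.cnf fragment for OpenSSL 3.x (added example).
# This line must sit in the unnamed top section of the file,
# before any [section] header.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
# Once any provider is listed explicitly, the default provider is no
# longer loaded implicitly, so it has to be activated here as well.
default = default_sect
legacy  = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
# The legacy provider supplies older algorithms such as RC2, which
# PKCS#12 files written by older tools commonly use for encryption.
activate = 1
```

After the change, `openssl list -providers` should report both the default and the legacy provider as active.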
