Problems with SVN and old SSL protocols on svn.redmine.org

Added by Ian Walker over 2 years ago

There are issues when attempting to do an svn update:

root@redmine:/var/www/redmine# svn update
Updating '.':
svn: E170013: Unable to connect to a repository at URL 'https://svn.redmine.org/redmine/branches/3.4-stable'
svn: E120171: Error running context: An error occurred during SSL communication

this currently happens on systems with updated SSL libraries libssl1.1 as well as libserf-1-1, and thus means nobody can connect to svn.redmine.org. Scanning, shows that svn.redmine.org only supports older SSL protocols, instead of newer ones, eg: TLS 1.1 or TLS 1.2. This could be resolved by fixing the server running svn.redmine.org to utilise upgraded SSL protocols instead of older ones which are being deprecated.

https://www.ssllabs.com/ssltest/analyze.html?d=svn.redmine.org

The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.

whilst this can be solved for everyone to downgrade OpenSSL libraries/libserf on the server where they are attempting to connect from, this isn't an ideal solution as not all Linux distributions provide the ability to easily downgrade. Servers should be utilising the newer TLS/SSL protocols for security than utilising older protocols, which potentially could be a security risk.

It would be best, for svn.redmine.org to have the web server reconfigured to utilise these newer SSL/TLS protocols.

This currently affects the upcoming Debian Buster release. Possibly other distros also.

Replies (1)

RE: Problems with SVN and old SSL protocols on svn.redmine.org - Added by Karel Pičman almost 2 years ago

+1

A workaround (switch to HTTP protocol):

$ svn switch --relocate https://svn.redmine.org/redmine/branches/3.4-stable http://svn.redmine.org/redmine/branches/3.4-stable

(1-1/1)