You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Nick Wright <ni...@lsd.net.nz> on 2003/10/01 08:50:43 UTC
Re: SSL related error
Hi - yes I do:
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
This was from the Apache2 SSL/TLS howto page.
I have changed the lines to this (from the same page):
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
..problem solved - thanks!
Would you like me to leave the server set up with the old flags for a while?
Nick.
> Have you got any SSLCipherSuite lines in your server config?
>
> This bug is being trigged because an SSLv2 connection is getting
> negotiated here rather than SSLv3/TLSv1 as one would expect from this
> combination of an OpenSSL client and server.
>
> joe
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SSL related error
Posted by Joe Orton <jo...@manyfish.co.uk>.
On Wed, Oct 01, 2003 at 08:50:43PM +1200, Nick Wright wrote:
> Hi - yes I do:
>
> SSLProtocol -all +SSLv2
> SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
>
> This was from the Apache2 SSL/TLS howto page.
> I have changed the lines to this (from the same page):
>
> SSLProtocol all
> SSLCipherSuite HIGH:MEDIUM
>
> ..problem solved - thanks!
>
> Would you like me to leave the server set up with the old flags for a while?
No, thanks, I can reproduce the bug here now I've worked out what was
different about your server. The recommended default config is to use
no SSLProtocol line and this cipher suite config:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
for best compatiblity with web browsers.
Regards,
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org