Easy way to use TLS over SSLv3

[Brad Baker]

With the new POODLE vulnerability in SSLv3, our organization has disabled SSLv3 communication.  So now when ivysvn tries to publish to our repository, ivysvn just hangs at 

"[ivy:install] Scheduling publish to <our-specified-url> "

Yet I can access the svn repository via command line with an "svn ls <our-specified-url>" command

I'm assuming ivysvn is still trying to use the old sslv3 communication. Is there a way to configure ivysvn to use the correct security protocol? Do I need to clear some kind of cache? Or alternatively could you point me to an area of the source code I could modify to support a new communication protocol? Otherwise we'll have to construct a new solution. 

Thanks in advance!

Brad

[Mass Dosage]

Hey Brad,

The connection to SVN is delegated to a library called SVNKit (see svnkit.com). If you look at the method createRepository() in this class:

https://code.google.com/p/ivysvn/source/browse/trunk/src/java/fm/last/ivy/plugins/svnresolver/SvnUtils.java

You will see the various SVNKit implementations it uses, these are documented in SVNKit's API here:

http://svnkit.com/javadoc/org/tmatesoft/svn/core/auth/package-summary.html

It could be that there is a new version of SVNKit that supports whatever has changed in SSL so it might be as simple as changing the version of SVNKit that ships with IvySvn to whatever the latest version shipped by SVNKit is. If you could try this and let me know that would be great (I'm hoping that if there are different versions that they are binary compatible). Alternatively perhaps IvySvn needs to be updated to use a different SVNKit Authentication object.

I don't actively develop IvySvn but I am very happy to accept patches and do releases of these, or do releases which just include version changes of third party libraries.

Let me know how you get on and if you need any help.

Regards,

Adrian

--
You received this message because you are subscribed to the Google Groups "ivysvn" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ivysvn+un...@googlegroups.com.
To post to this group, send email to ivy...@googlegroups.com.
Visit this group at http://groups.google.com/group/ivysvn.
For more options, visit https://groups.google.com/d/optout.

[Brad Baker]

We really appreciate the info Adrian. It turns out we just needed to upgrade to the latest svnkit.  

Thanks again,

Brad

[Greg Creager]

Ok we updated to svnkit 1.8.2 and that fixed the problem, thanx for the help

On Friday, October 24, 2014 9:56:16 AM UTC-6, Mass Dosage wrote:

[Mass Dosage]

OK, I shall add that to my TODO list and do an IvySvn release with the latest SvnKit at some point. Glad to know that has fixed it for you!