during SSL communication
16 views
Skip to first unread message
Kenichi Saitou
Jul 4, 2024, 10:26:00 AM (4 days ago) Jul 4
to TortoiseSVN
Symptoms
----------------
With TortoiseSVN 1.14.5, when accessing the repository in the repository browser, a "TortoiseSVN SSL Client Certificate Selection" dialog appears, I specify a certificate and click the [OK] button.
However, the "TortoiseSVN SSL Client Certificate Selection" dialog is displayed again and after clicking the [OK] button several times, an error occurs as shown below and I cannot access the repository.
---
Unable to connect to a repository at URL
'https://subversion_host/svn/repository/'
Error running context: An error occurred during SSL communication
---
By performing the following two remedies, sometimes I can access the repository without the "TortoiseSVN SSL Client Certificate Selection" dialog being displayed. (Sometimes I can't, the conditions are unclear)
1. Write the following content in %APPDATA%/Subversion/servers.
[global]
ssl-client-cert-file=C:\mypath\svn_user.p12
ssl-client-cert-password=somepassword
2. Make the following setup in the registry.
Registry Key: HKEY_CURRENT_USER\Software\TortoiseSVN\OpenSSLCapi
DWORD Value: 0
Moreover, I found that the behavior changes depending on the version of TortoiseSVN.
With TortoiseSVN version 1.8.12-1.11.0 (OpenSSL 1.1.0 or earlier), I can access without any problems.
With TortoiseSVN version 1.10.4,1.10.5,1.12.0-1.14.5 (OpenSSL 1.1.x), I can access by setting the client certificate in the servers file.
However, as mentioned before, there are cases where I cannot access. The conditions are unclear.
With TortoiseSVN version 1.14.6,1.14.7 (OpenSSL 3.2.0), I cannot access even if I set the client certificate in the servers file.
System Configuration
----------------
We connect to Subversion via a reverse proxy.
Reverse proxy:
Apache/2.4.37
OpenSSL 1.1.1k
Subversion server:
Apache/2.4.6
svn, version 1.14.1 (r1886195)
The client certificate authentication is performed at the reverse proxy, and when I cannot access Subversion with this error, the error occurs at the reverse proxy.
No access is being made to the Subversion server.
----------------
Please tell me how to access with TortoiseSVN version 1.10.4,1.10.5,1.12.0-1.14.5 (OpenSSL 1.1.x) and how to access with TortoiseSVN version 1.14.6,1.14.7 (OpenSSL 3.2.0).
----------------
With TortoiseSVN 1.14.5, when accessing the repository in the repository browser, a "TortoiseSVN SSL Client Certificate Selection" dialog appears, I specify a certificate and click the [OK] button.
However, the "TortoiseSVN SSL Client Certificate Selection" dialog is displayed again and after clicking the [OK] button several times, an error occurs as shown below and I cannot access the repository.
---
Unable to connect to a repository at URL
'https://subversion_host/svn/repository/'
Error running context: An error occurred during SSL communication
---
By performing the following two remedies, sometimes I can access the repository without the "TortoiseSVN SSL Client Certificate Selection" dialog being displayed. (Sometimes I can't, the conditions are unclear)
1. Write the following content in %APPDATA%/Subversion/servers.
[global]
ssl-client-cert-file=C:\mypath\svn_user.p12
ssl-client-cert-password=somepassword
2. Make the following setup in the registry.
Registry Key: HKEY_CURRENT_USER\Software\TortoiseSVN\OpenSSLCapi
DWORD Value: 0
Moreover, I found that the behavior changes depending on the version of TortoiseSVN.
With TortoiseSVN version 1.8.12-1.11.0 (OpenSSL 1.1.0 or earlier), I can access without any problems.
With TortoiseSVN version 1.10.4,1.10.5,1.12.0-1.14.5 (OpenSSL 1.1.x), I can access by setting the client certificate in the servers file.
However, as mentioned before, there are cases where I cannot access. The conditions are unclear.
With TortoiseSVN version 1.14.6,1.14.7 (OpenSSL 3.2.0), I cannot access even if I set the client certificate in the servers file.
System Configuration
----------------
We connect to Subversion via a reverse proxy.
Reverse proxy:
Apache/2.4.37
OpenSSL 1.1.1k
Subversion server:
Apache/2.4.6
svn, version 1.14.1 (r1886195)
The client certificate authentication is performed at the reverse proxy, and when I cannot access Subversion with this error, the error occurs at the reverse proxy.
No access is being made to the Subversion server.
----------------
Please tell me how to access with TortoiseSVN version 1.10.4,1.10.5,1.12.0-1.14.5 (OpenSSL 1.1.x) and how to access with TortoiseSVN version 1.14.6,1.14.7 (OpenSSL 3.2.0).
Daniel Sahlberg
Jul 6, 2024, 2:56:03 PM (2 days ago) Jul 6
to TortoiseSVN
Most probably your certificate(s) are issued with a cipher suite that is no longer supported by OpenSSL 3 or with a length that is considered too short in OpenSSL 3. Can you check the certificates and possibly re-issue them with longer/better ciphers?
Kind regards,
Daniel
Reply all
Reply to author
Forward
0 new messages