Problem accessing server using TLS1.2


Bartosz Brodecki

Jan 7, 2013, 12:06:42 AM
to us...@tortoisesvn.tigris.org
Hi,

I use new svn server which uses apache and OpenSSL library (v.1.0.0 or higher) and requiring user certificates.
Server allow connection with TLS 1.2.

I tested TSVN 1.7.11 and nightlybuild from last Friday.
And both can't connect with error:
Unable to connect to a repository at URL 'https://myserver/repo'
OPTIONS of 'https://myserver/repo': SSL handshake failed: SSL
error: unsupported algorithm nid (https://myserver)

Other clients, like Opera and Chrome web browsers can access this SVN server (using TLS 1.2)

It seems that TSVN don't send user certificate.

Maybe I can set that TSVN will use only TLS 1.1 or TLS 1.0?

One more information: TSVN 1.7.6 (which uses TLS 1.0) works correct with this server.

BR,
Bartosz

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3041429


Stefan Küng

Jan 7, 2013, 2:58:53 PM
to us...@tortoisesvn.tigris.org
On 07.01.2013 06:06, Bartosz Brodecki wrote:
> Hi,
>
> I use new svn server which uses apache and OpenSSL library (v.1.0.0 or higher) and requiring user certificates.
> Server allow connection with TLS 1.2.
>
> I tested TSVN 1.7.11 and nightlybuild from last Friday.
> And both can't connect with error:
> Unable to connect to a repository at URL 'https://myserver/repo'
> OPTIONS of 'https://myserver/repo': SSL handshake failed: SSL
> error: unsupported algorithm nid (https://myserver)
>
> Other clients, like Opera and Chrome web browsers can access this SVN server (using TLS 1.2)
>
> It seems that TSVN don't send user certificate.
>
> Maybe I can set that TSVN will use only TLS 1.1 or TLS 1.0?
>
> One more information: TSVN 1.7.6 (which uses TLS 1.0) works correct with this server.

I'm not sure if neon (the default DAV lib Subversion uses in 1.7) even
supports TLS above 1.1.
You can try with the serf library:
http://tortoisesvn.net/faq.html#useserf

maybe that will work.

Stefan

--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest interface to (Sub)version control
/_/ \_\ http://tortoisesvn.net

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3041663

Bartosz Brodecki

Jan 9, 2013, 12:12:07 AM
to us...@tortoisesvn.tigris.org
Hi,

using serf library makes different error (but I get possibility to select user certificate):
Unable to connect to a repository at URL 'https://myserver/repo'
Error running context: An error occurred during SSL communication

And still TSVN start using TLS1.2.
I even upgraded TSVN to the newest nightly builds and still no luck.

I'm sure that TSVN start negotiation using TSVN 1.2 (I also use different apps that only support TLS 1.0, and there are no problem, and no TLS1.2 from the client).

Below is presented logs from apache server (with debug ssl):
[Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client certificate B
[Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] SSL library error 1 in handshake (server myserver:443)
[Wed Jan 09 04:35:40 2013] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
[Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] Connection closed to child 6 with abortive shutdown (server myserver:443)

From sniffer I see that there are some problems with sending client certificate. After packet with user certificate server drops connection (by sending error with handshake).

Please help.

Bartek

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3042006
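
The packed error code in the Apache log quoted in the message above can be decoded mechanically to confirm which handshake step failed. This is an added example, not part of the original thread: it assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason), its function names are hypothetical, and its sample input is taken from the log lines in the post.

```python
import re

# Sample input: log lines as quoted in the post above (Apache mod_ssl, debug level).
SAMPLE_LOG = """\
[Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] SSL library error 1 in handshake (server myserver:443)
[Wed Jan 09 04:35:40 2013] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
[Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] Connection closed to child 6 with abortive shutdown (server myserver:443)
"""

# "SSL Library Error: <decimal> error:<hex>:<lib>:<func>:<reason text>"
ERR_RE = re.compile(
    r"SSL Library Error: (?P<dec>\d+) error:(?P<hex>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)")
CLIENT_RE = re.compile(r"\[client (?P<ip>[^\]]+)\] SSL library error \d+ in handshake")
# Trailing hint as it appears on the quoted log line, after OpenSSL's reason string.
HINT = " No CAs known to server for verification?"
ERR_LIB_SSL = 20            # 0x14, the "SSL routines" library
REASON_NO_PEER_CERT = 199   # 0xC7, "peer did not return a certificate"

def unpack_err(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def handshake_failures(log_text):
    """One record per 'SSL Library Error' line, tied to the preceding client line."""
    records, client = [], None
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client = m.group("ip")
            continue
        m = ERR_RE.search(line)
        if not m:
            continue
        code = int(m.group("dec"))
        if code != int(m.group("hex"), 16):   # both forms must name the same error
            raise ValueError("decimal/hex error codes disagree: " + line)
        lib, func, reason = unpack_err(code)
        text = m.group("reason")
        if text.endswith(HINT):
            text = text[:-len(HINT)]
        records.append({"client": client, "lib": lib, "func": func, "reason": reason,
                        "func_name": m.group("func"), "reason_text": text,
                        "missing_client_cert": lib == ERR_LIB_SSL
                                               and reason == REASON_NO_PEER_CERT})
    return records

if __name__ == "__main__":
    for rec in handshake_failures(SAMPLE_LOG):
        print(rec)
```
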

Simon Large

Jan 9, 2013, 9:07:42 AM
to us...@tortoisesvn.tigris.org
On 9 January 2013 05:12, Bartosz Brodecki <bar...@nsense.net> wrote:
> Hi,
>
> using serf library makes different error (but I get possibility to select user certificate):
> Unable to connect to a repository at URL 'https://myserver/repo'
> Error running context: An error occurred during SSL communication
>
> And still TSVN start using TLS1.2.
> I even upgraded TSVN to the newest nightly builds and still no luck.
>
> I'm sure that TSVN start negotiation using TSVN 1.2 (I also use different apps that only support TLS 1.0, and there are no problem, and no TLS1.2 from the client).
>
> Below is presented logs from apache server (with debug ssl):
> [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client certificate B
> [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
> [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
> [Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] SSL library error 1 in handshake (server myserver:443)
> [Wed Jan 09 04:35:40 2013] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
> [Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] Connection closed to child 6 with abortive shutdown (server myserver:443)
>
> From sniffer I see that there are some problems with sending client certificate. After packet with user certificate server drops connection (by sending error with handshake).

Have you tried the official subversion command line client? If that
also fails then you could try asking on the subversion users mailing
list.

Simon

--
: ___
: oo // \\ "De Chelonian Mobile"
: (_,\/ \_/ \ TortoiseSVN
: \ \_/_\_/> The coolest Interface to (Sub)Version Control
: /_/ \_\ http://tortoisesvn.net

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3042113

Bartosz Brodecki

Jan 11, 2013, 2:53:29 AM
to us...@tortoisesvn.tigris.org
> On 9 January 2013 05:12, Bartosz Brodecki <bartek at nsense dot net> wrote:
> > Hi,
> >
> > using serf library makes different error (but I get possibility to select user certificate):
> > Unable to connect to a repository at URL 'https://myserver/repo'
> > Error running context: An error occurred during SSL communication
> >
> > And still TSVN start using TLS1.2.
> > I even upgraded TSVN to the newest nightly builds and still no luck.
> >
> > I'm sure that TSVN start negotiation using TSVN 1.2 (I also use different apps that only support TLS 1.0, and there are no problem, and no TLS1.2 from the client).
> >
> > Below is presented logs from apache server (with debug ssl):
> > [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client certificate B
> > [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
> > [Wed Jan 09 04:35:40 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
> > [Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] SSL library error 1 in handshake (server myserver:443)
> > [Wed Jan 09 04:35:40 2013] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
> > [Wed Jan 09 04:35:40 2013] [info] [client xxx.xxx.0.6] Connection closed to child 6 with abortive shutdown (server myserver:443)
> >
> > From sniffer I see that there are some problems with sending client certificate. After packet with user certificate server drops connection (by sending error with handshake).
>
> Have you tried the official subversion command line client? If that
> also fails then you could try asking on the subversion users mailing
> list.
>
> Simon

Hi,

I can access SVN using Unix* svn command line, or using different web-browser (like chrome, opera - they support TLS1.2, firefox - using TLS1.0).

For me some solution will be possibilities to disable support for TLS1.2 at TSVN config files.

BR,
Bartek

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3042635

Bruce Plutchak

May 7, 2013, 8:09:59 PM
to us...@tortoisesvn.tigris.org, Bartosz Brodecki
Hi,

Do you know if this issue regarding TLS 1.2 has been resolved?
I have a similar error connecting to my SVN repository using TSVN 1.7.12. My Apache server requires user certificates.

I cannot connect to my SVN repository (Apache 2.2.22, OpenSSL v1.0.0 or higher) using a TSVN version higher than 1.7.6 (TLS1.2 support started in TSVN 1.7.7).
Also, if I try the TSVN nightly builds, I can only connect to repositories running an earlier version of OpenSSL.

You said:
>It seems that TSVN don't send user certificate.
Is that true?

You said:
>For me some solution will be possibilities to disable support for TLS1.2 at TSVN config files.?
Were you able to do this?

Regards,
Bruce

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3055085

Bartosz Brodecki

May 8, 2013, 12:07:49 AM
to us...@tortoisesvn.tigris.org
Hi,

I didn't have time to solve this.
I use an older version of Apache (2.2.20) and OpenSSL (1.0.0e) and these work with the newest TSVN.

BR,
Bartek

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3055090