Your message dated Fri, 9 Nov 2018 20:40:07 -0500
with message-id <[email protected]>
and subject line Re: Bug#913324: [subversion] Bad error message when trying to
connect to TLS 1.0-only server
has caused the Debian Bug report #913324,
regarding [subversion] Bad error message when trying to connect to TLS 1.0-only
server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
913324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913324
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: subversion
Version: 1.10.3-1+b1
Severity: normal
--- Please enter the report below this line. ---
Apparently, subversion (or some of the libraries it uses) no longer
support TLS 1.0. When I try to connect to a server that supports TLS 1.0
only, I get the following error message:
> LANG=C svn update
Updating '.':
svn: E170013: Unable to connect to a repository at URL […]
svn: E120171: Error running context: An error occurred during SSL
communication
It took me a while to find out that this was a TLS version problem. The
subversion client should give an error message that clearly indicates
that the problem is lack of client support for TLS 1.0 during an attempt
to connect to a TLS 1.0-only server.
Philipp
--- System information. ---
Architecture: Kernel: Linux 4.19.0-rc7-amd64
Debian Release: buster/sid
500 unstable ftp.de.debian.org 500 testing
ftp.de.debian.org 500 jessie apt.z.cash 1 experimental
ftp.de.debian.org
--- Package information. ---
Depends (Version) | Installed
===============================-+-================
libsvn1 (= 1.10.3-1+b1) | 1.10.3-1+b1
libapr1 (>= 1.5.0) | 1.6.3-2
libaprutil1 (>= 1.3.2+dfsg) | 1.6.1-2
libc6 (>= 2.4) | libsasl2-2 |
Package's Recommends field is empty.
Suggests (Version) | Installed
=================================-+-===========
db5.3-util | 5.3.28+dfsg1-0.2
libapache2-mod-svn | patch |
2.7.6-3
subversion-tools | 1.10.3-1+b1
--- End Message ---
--- Begin Message ---
On Fri, Nov 09, 2018 at 04:12:15PM +0100, Philipp Klaus Krause wrote:
> Apparently, subversion (or some of the libraries it uses) no longer
> support TLS 1.0.
That would be OpenSSL -- see /usr/share/doc/libssl1.1/NEWS.Debian.gz. I
would suggest installing apt-listchanges and configuring it to show you
the NEWS entries when upgrading.
> When I try to connect to a server that supports TLS 1.0
> only, I get the following error message:
>
> > LANG=C svn update
> Updating '.':
> svn: E170013: Unable to connect to a repository at URL […]
> svn: E120171: Error running context: An error occurred during SSL
> communication
>
> It took me a while to find out that this was a TLS version problem. The
> subversion client should give an error message that clearly indicates
> that the problem is lack of client support for TLS 1.0 during an attempt
> to connect to a TLS 1.0-only server.
This was discussed upstream[0] and their FAQ[1] and release notes[2]
were updated with hints about potential issues around this.
Subversion itself can't really provide much more information. It's
multiple layers removed from the original error, and _is_ relaying the
information that bubbled up through those layers.
[0]:
https://mail-archives.apache.org/mod_mbox/subversion-dev/201807.mbox/%3C5f95e4fe-6975-d320-33d8-3dcda66710da%40spinor.com%3E
[1]: https://subversion.apache.org/faq.html#ssl-communication-error
[2]: https://subversion.apache.org/docs/release-notes/1.10#new-ca-keys
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
--- End Message ---
