Daniel Shahaf <danie...@elego.de> writes: > Garrison, Jim (ETW) wrote on Thu, Jun 14, 2012 at 10:49:47 -0700: >> >> This is going to cause major headaches for a lot of people. OpenSSL >> client versions 1.0.1 and later can and will cause earlier server >> versions to hang at CLIENT HELLO. There are options in the OpenSSL >> code to tailor the client behavior to avoid this, but they require >> the client applications (i.e. subversion) to support setting these >> options. For example >> >> ctx = SSL_CTX_new(...); >> SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2); >> >> What's the possibility of getting an enhancement to subversion to support >> this in its server configuration? > > Haven't read everything, but Subversion does not call SSL_CTX_new() at > all; its dependencies, libneon and/or libserf, do.
Both serf and neon do: SSL_CTX_set_options(ctx, SSL_OP_ALL); neon provides ne_ssl_context_set_flag() but it can only be used to set/clear SSL_OP_NO_SSLv2. -- Philip
