Thanks Stefan for your response and pointers!

There is no doubt my connections are already encrypted.
The issue is that the external library I'm referring to supports specifying
paths to source code using multiple protocols, e.g. svn:// (but also
https://, http://, git://, ftp:// etc) and any svn:// source is generally
considered insecure, just like http:// (but not for example https://). It
is not verified in any way if that's actually the case, it's just based on
the scheme prefix svn://

So, what I'm looking for is a way to ensure an svn client command is only
allowed to execute if using an encrypted transport. E.g. something like:
svn --enforce-encryption checkout svn://hostname/repository
svn --min-encryption 128 checkout svn://hostname/repository
(or --disallow-unencrypted-transport, --require-sasl etc)

Using something like that I can hopefully convince the library maintainer
to enable this flag by default and then consider an svn:// source secure by
default (as connection would otherwise not succeed).

I understand your point that as long as "use-sasl = true" is
configured on the server, the connection would abort if the client cannot
communicate securely. However, this means that if this external library is
pointed to a svn:// source with "use-sasl = false" the connection would
succeed, which is what I'm trying to prevent here to guarantee no
unencrypted connections are made.

Hope my point came through better this time?

Best regards,

Nils-Johan


On Thu, May 6, 2021 at 11:40 AM Stefan Sperling <s...@elego.de> wrote:

> On Thu, May 06, 2021 at 11:21:57AM +0200, Nils-Johan Andreasson wrote:
> > Hi there!
> >
> > I'm serving a repository using svnserve with SASL to make sure
> > communication is always encrypted (config has use-sasl = true,
> > min-encryption = 128 and max-encryption = 256).
> > I know this enforces encryption server-side but is there any way to in
> > addition also "require" encryption client-side? E.g. let's say if I do
> > 'svn checkout svn://my-insecure-host/repository' I want the command to
> > abort if the connection is not encrypted.
>
> The min-encryption parameter maps directly to the Cyrus SASL
> secprops.min_ssf parameter which is described here:
>
> https://www.cyrusimap.org/sasl/sasl/developer/programming.html#security-layers
>
> Quote:
> "A connection supplying only integrity with no privacy would have an SSF
> of 1. A connection secured by 56-bit DES would have an SSF of 56.
> To require a security layer, set min_ssf to the minimum acceptable security
> layer strength."
>
> SVN servers and clients check the SASL_SSF property of their connection
> here and abort if SASL failed to negotiate encryption if encryption is
> configured:
>
> https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c?revision=1875971&view=markup#l726
>
> So your connections should already be encrypted. Perhaps the encryption
> mechanism SASL is using is considered too weak by your external tool?
> Would setting min-encryption = 256 help?
> Or perhaps your external tool simply doesn't understand the SVN protocol?
>
> Cheers,
> Stefan
>
