Nils-Johan Andreasson wrote on Thu, May 06, 2021 at 14:48:01 +0200:
> Is there a way (command) to remotely determine if the svn server behind
> 'hostname' has sasl enabled/uses encryption/enforces a min_ssf >= 128?
> Preferably without having to send any authentication credentials (to not
> risk sending anything in clear text).
Possibly. Look into the handshake in subversion/libsvn_ra_svn/protocol,
Section 2, specifically the «auth-request» line (the second thing the
server sends).
You can try it on a toy example like this:
% svnadmin create r
% ${EDITOR:-ed} r/conf/svnserve.conf
% printf '%s\n' '( 2 ( edit-pipeline ) 17:svn://localhost/r )' | svnserve
-i -r ./
Or on a real server with something like this:
% printf '( 2 ( edit-pipeline ) %d:%s )\n' "$(printf %s "$url" | wc -c)"
"$url" | nc $url 3690
When I do that I get "Could not obtain the list of SASL mechanisms"
(E170001 SVN_ERR_RA_NOT_AUTHORIZED), but you should get an actual
response. Does that response provide the information you seek?
> If so, an initialization step could hopefully be added which determines
> whether the source is deemed to be secure to access or not.
