CollabNet Enterprise Edition

My pages		Projects		Community		openCollabNet

Projects > subversion

Project tools

Project home

Membership

How do I...

Category	Featured projects
scm	Subversion, Subclipse, TortoiseSVN, RapidSVN
issuetrack	Scarab
requirements	xmlbasedsrs
design	ArgoUML
techcomm	SubEtha, eyebrowse, midgard, cowiki
construction	antelope, scons, frameworx, build-interceptor, propel, phing
testing	maxq, aut
deployment	current
process	ReadySET
libraries	GEF, Axion, Style, SSTree
Over 500 more tools...

Subversion and IDEs
Eclipse
JDeveloper
NetBeans
Visual Studio

Tigris.org (Whole-Site) Admin Contacts
Announcements mail list
Status Blog at WordPress
@tigrisdotorg on Twitter
Problem reports on the whole site
Problems and suggestions about individual projects should go to users@thatproject.tigris.org

Discussions > users [DISABLED] > Re: Secure connection truncated due to libneon and 1.6.4

subversion
Discussion topic

Back to topic list

Re: Secure connection truncated due to libneon and 1.6.4

Hide message headers

Header	From: Michael Diers <mdiers@elego.de> To: wildbit@gmail.com Message-Id: <4A9E4FD7.1050802@elego.de> Subject: Re: Secure connection truncated due to libneon and 1.6.4 MIME-Version: 1.0 List-Id: <users.subversion.tigris.org> Precedence: bulk Received: from localhost ([127.0.0.1]) by Mail Reader Service (JAMES SMTP Server 2.3.0) with SMTP ID 245 for <users@subversion.tigris.org.mrs>; Wed, 2 Sep 2009 03:58:50 -0700 (PDT) Received: from cylon2.sjc.collab.net (cylon2.sjc.collab.net [204.16.104.18]) by sc157-tigr.sjc.collab.net (Postfix) with ESMTP id 21A45FCC060 for <users@subversion.tigris.org>; Wed, 2 Sep 2009 03:58:50 -0700 (PDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAEvtnUpYxjaF/2dsb2JhbADaWYQbBQ X-IronPort-AV: E=Sophos;i="4.44,318,1249282800"; d="scan'208";a="30643641" X-IRONPORT: SCANNED Received: from mx0.elegosoft.com ([88.198.54.133]) by cylon2.sjc.collab.net with ESMTP; 02 Sep 2009 03:58:49 -0700 Received: from localhost (localhost [127.0.0.1]) by mx0.elegosoft.com (Postfix) with ESMTP id 757FA1B4A1C; Wed, 2 Sep 2009 12:58:48 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mx0.elegosoft.com Received: from mx0.elegosoft.com ([127.0.0.1]) by localhost (mx0.elegosoft.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acFvK75EIbBQ; Wed, 2 Sep 2009 12:58:34 +0200 (CEST) Received: from [127.0.0.1] (mx0.elegosoft.com [88.198.54.133]) by mx0.elegosoft.com (Postfix) with ESMTP id CD1441B4A10; Wed, 2 Sep 2009 12:58:34 +0200 (CEST) Date: Wed, 02 Sep 2009 12:58:31 +0200 Organization: elego Software Solutions GmbH User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) CC: users@subversion.tigris.org References: <cddac7340909011113sab87f3bg6890e91ef86f7c17@mail.gmail.com> In-Reply-To: <cddac7340909011113sab87f3bg6890e91ef86f7c17@mail.gmail.com> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
Author	mdiers
Full name	Michael Diers
Date	2009-09-02 03:58:50 PDT
Message	Chris Nagele wrote: > We've been trying to fix a strange issue at Beanstalk after migrating > to Rackspace. I want to share the experience as it might help others. > > PROBLEM > > A small group of users were getting this error upon connecting to svn: > > svn: OPTIONS of > 'https://myaccount.svn.beanstalkapp.com/myproject/trunk': SSL > negotiation failed: Secure connection truncated > (https://myaccount.svn.beanstalkapp.com) > > We found some commonality between them: > > * Using Ubuntu 9.04, Fedora 11, Debian 5 > * Using SVN 1.5 client or later > > It worked with: > * ubuntu 8.04 - subversion 1.4.6 > > A customer compiled Subversion against serf and it worked for him. He > used libssl 0.9.8 and libserf instead of libneon. > > SOLUTION > > We have a Cisco load balancer (CSS) and had the ssl traffic decrypted > there instead of doing it on the servers. The problem is that the CSS > can't support TLS 1.1 connections. To fix this, we need to move SSL > back to each server instance. > > We tested and this problem did not exist with the server using 1.6.3. > I read that this is to due to supporting only serf in 1.6.4, but I am > not sure. Ideally we would like to still use the CSS. If anyone has a > recommendation it would be greatly appreciated. Chris, Debian and Ubuntu have switched to using libneon27-gnutls instead of libneon27, so neon is now using GNU TLS instead of OpenSSL. There are open bugs concerning SSL issues with this configuration, although it's usually to do with client certificates. https://bugs.launchpad.net/bugs/480041 Note that Subversion in Ubuntu 8.04 is in fact using libneon27 (or libneon26, I forget), the OpenSSL version of neon. As mentioned in the above bug report, you could try this as a workaround: * install libneon27 (in addition to libneon27-gnutls) * LD_PRELOAD=/usr/lib/libneon.so.27 svn ... -- Michael Diers, elego Software Solutions GmbH, http://www.elego.de

« Previous message in topic | 2 of 2 | Next message in topic »

Messages

Show all messages in topic

Subject	Author	Full name	Date posted +
Secure connection truncated due to libneon and 1.6.4	Chris Nagele <wildbit at gmail dot com>	Chris Nagele <wildbit at gmail dot com>	2009-09-01 11:13:04 PDT
Re: Secure connection truncated due to libneon and 1.6.4	mdiers	Michael Diers	2009-09-02 03:58:50 PDT

Messages per page: