The cert is 2048-bit RSA with SHA256 hash, so probably not old ciphers. I did import the cert, but possibly not in the right way. Is the import process documented anywhere? I just did the double click the pkcs12 file and accepted all the defaults import process.
On Thursday, August 8, 2019 at 12:29:35 PM UTC-4, Stefan wrote: > > > > On Thursday, August 8, 2019 at 6:16:32 PM UTC+2, SquishyZA wrote: >> >> What I am seeing: >> >> 1. Windows 2019 server fully updated >> 2. Install another CLI only SVN client and configure it to work with the >> SVN repo. >> 2.1. The SVN repo requires a SSL certificate to authenticate >> 2.2. Ensure that the configuration works >> 3. Download TortoiseSVN 1.12.2 64-bit and install with default options >> 3.1. Double check that TortoiseSVN uses the same server file as the CLI >> setup in step 2 >> 4. Try to update using TortoiseSVN from the repo. It fails with an SSL >> error >> 5. Try to update with the original SVN CLI: It works >> >> Work around: >> >> Create a registry key: HKCU\Software\TortoiseSVN\OpenSSLCapi as a DWORD >> and set its value to 0. After doing this TortoiseSVN works. >> >> > Since the e_capi module of OpenSSL is not included in a default build, > other svn clients usually don't have that OpenSSL module even built in. > > If the authentication fails if that module is enabled then that means that > the clients don't have the ssl certificate imported into the windows crypt > store. If they had, then it would/should work. > > > >> Other notes: >> >> I can reproduce the issue without step 2, so the other CLI does not >> "interfere". It is just a useful troubleshooting step and stopgap while >> TortoiseSVN was down. Older versions (1.10.?) did not have this problem, >> but sadly I can not remember precisely which version I had before I >> upgraded. > > > It could also be that your ssl certificate uses old ciphers which are not > included in the latest OpenSSL anymore. And TSVN uses the very latest > OpenSSL version, where other svn clients often use the LTS version of > OpenSSL which might have those old ciphers still enabled. > > Stefan > > > -- You received this message because you are subscribed to the Google Groups "TortoiseSVN" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/68e8fdc7-e17c-4a7b-985a-47b854525727%40googlegroups.com.
