I realized today that TortoiseSVN switched to OpenSSL 1.1.1 (which does not support >= TLS 1.2 with client certificates, see https://github.com/openssl/openssl/issues/12859) in 1.10.4. Does anybody know, whether there is a solution coming up for this? Would be great to be able to use the latest TortoiseSVN. Cheers, Andreas
[email protected] schrieb am Dienstag, 3. September 2019 um 20:19:58 UTC+2: > > > On Thursday, August 8, 2019 at 6:29:35 PM UTC+2, Stefan wrote: >> >> >> >> On Thursday, August 8, 2019 at 6:16:32 PM UTC+2, SquishyZA wrote: >>> >>> >>> Work around: >>> >>> Create a registry key: HKCU\Software\TortoiseSVN\OpenSSLCapi as a DWORD >>> and set its value to 0. After doing this TortoiseSVN works. >>> >>> >> Since the e_capi module of OpenSSL is not included in a default build, >> other svn clients usually don't have that OpenSSL module even built in. >> >> If the authentication fails if that module is enabled then that means >> that the clients don't have the ssl certificate imported into the windows >> crypt store. If they had, then it would/should work. >> >> >> >>> Other notes: >>> >>> I can reproduce the issue without step 2, so the other CLI does not >>> "interfere". It is just a useful troubleshooting step and stopgap while >>> TortoiseSVN was down. Older versions (1.10.?) did not have this problem, >>> but sadly I can not remember precisely which version I had before I >>> upgraded. >> >> >> It could also be that your ssl certificate uses old ciphers which are not >> included in the latest OpenSSL anymore. And TSVN uses the very latest >> OpenSSL version, where other svn clients often use the LTS version of >> OpenSSL which might have those old ciphers still enabled. >> >> > I am also seeing this issue. When the server is running OpenSSL 1.1.1 with > TLS 1.2 enabled there is no chance OpenSSL will successfully use CAPI. The > same client cert works fine when configures in servers file so the issue is > not old ciphers. > > I have found this issue: > https://github.com/openssl/openssl/issues/8872 > > Also olszomal is on target here: > https://github.com/openssl/openssl/issues/5847#issuecomment-469248292 > > Using the very latest OpenSSL has some risks. Can you recommend a version > of TortoiseSVN before upgrading to OpenSSL 1.1? > > Thanks, > Thomas Å. > -- You received this message because you are subscribed to the Google Groups "TortoiseSVN" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/077e9730-00a5-41cf-8b70-712f46e8779dn%40googlegroups.com.
