Hi there!

I'm serving a repository using svnserve with SASL to make sure
communication is always encrypted (config has use-sasl = true,
min-encryption = 128 and max-encryption = 256).
I know this enforces encryption server-side, but is there any way to
also "require" encryption client-side? E.g., if I do 'svn
checkout svn://my-insecure-host/repository', I want the command to abort if
the connection is not encrypted.

The background to this question is that I'm using an external library which
sees all usage of the svn:// protocol as insecure. In our case, it doesn't make
sense since we have encryption configured, but to be able to use svn:// URLs
I need to configure this library to allow "insecure connections", which
affects a lot of other things and also creates warnings, unnecessarily.

My idea would be to suggest to the library maintainer that they let me configure an
additional parameter/config to supply to the svn binary to make sure the
connection is only allowed if encrypted, e.g. 'svn --enforce-encryption
checkout svn://my-insecure-url/repository'. That way, the library could
trust connections to always be encrypted for a specific svn:// URL instead
of having to turn on a more library-wide "always allow unencrypted
connections" setting, which is generally a bad idea.

Any ideas if this is achievable?

Thanks in advance!

Best regards,

NJ
