Regarding my question in the thread titled "When connecting to an https server
force use of TLS or SSLv3?".
I asked that before I fully understood the problem, which is actually due to a
backwards incompatibility in the newest OpenSSL libraries (1.0.1c) used by
Subversion. Essentially, the newest client library can cause older servers to
hang when it sends a TLSv1.2 handshake.
The release notes for OpenSSL 1.0.1c contain (changes between 1.0.1 and 1.0.1a):
*) Workarounds for some broken servers that "hang" if a client hello
record length exceeds 255 bytes.
1. Do not use record version number > TLS 1.0 in initial client
hello: some (but not all) hanging servers will now work.
2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
the number of ciphers sent in the client hello. This should be
set to an even number, such as 50, for example by passing:
-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
Most broken servers should now work.
3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
TLS 1.2 client support entirely.
Is there any way, other than completely rebuilding svn locally, to use these
workarounds?
