Philip Martin wrote on Fri, Jun 15, 2012 at 16:32:13 +0100: > Daniel Shahaf <danie...@elego.de> writes: > > > Garrison, Jim (ETW) wrote on Thu, Jun 14, 2012 at 10:49:47 -0700: > >> > >> This is going to cause major headaches for a lot of people. OpenSSL > >> client versions 1.0.1 and later can and will cause earlier server > >> versions to hang at CLIENT HELLO. There are options in the OpenSSL > >> code to tailor the client behavior to avoid this, but they require > >> the client applications (i.e. subversion) to support setting these > >> options. For example > >> > >> ctx = SSL_CTX_new(...); > >> SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2); > >> > >> What's the possibility of getting an enhancement to subversion to support > >> this in its server configuration? > > > > Haven't read everything, but Subversion does not call SSL_CTX_new() at > > all; its dependencies, libneon and/or libserf, do. > > Both serf and neon do: > > SSL_CTX_set_options(ctx, SSL_OP_ALL); > > neon provides ne_ssl_context_set_flag() but it can only be used to > set/clear SSL_OP_NO_SSLv2.
I assume that's with the latest stable release of each?
