jbl...@icloud.com wrote on Thu, Dec 17, 2015 at 16:46:12 -0700:
> Setting up Apache for https is a bit heavy and SSH requires the
> existence of local users.

svn+ssh:// requires the existence of *one* local user, which can be locked
down with command="svnserve -t",no-x11-forwarding, etc., in
authorized_keys(5).

> Has there been any thought to adding SSL/TLS to the svn protocol?
>
> Adding TLS doesn't seem like it would be
> that hard and would help when using SASL/LDAP when passing plaintext
> passwords.

It's not clear to me what your concern is, whether it is avoiding
password-based authentication, or achieving full on-the-wire encryption,
or something else.

In any case, I suspect it would be far less work to simply document how to
configure SASL with full on-the-wire encryption and client certificates.
Or perhaps stunnel, which has its pros and cons (e.g., an SSL vulnerability
won't compromise the svn process).

Cheers,

Daniel
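
The authorized_keys lock-down mentioned in the reply, as an added example that is not part of the original message: a small audit that flags any key in the shared account's authorized_keys that is not forced into "svnserve -t" or still allows forwarding or a pty. The sample entries, user names, the repository root /srv/svn and the use of --tunnel-user and -r are assumptions made for illustration.

```python
import re

# Real OpenSSH authorized_keys options; "restrict" (OpenSSH 7.2+) implies all four.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
SVNSERVE_T = re.compile(r"(\S*/)?svnserve\s+(.*\s)?-t(\s|$)")
OPTION = re.compile(r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+')  # "..." may hold commas and spaces

def split_options(line):
    """Return (options, rest) for a line that starts with an options field."""
    opts, pos = [], 0
    while (m := OPTION.match(line, pos)):
        opts.append(m.group())
        pos = m.end()
        if line[pos:pos + 1] != ",":
            break
        pos += 1
    return opts, line[pos:].strip()

def audit(text):
    """Return {line_number: [problems]} for keys not confined to svnserve."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A line that begins with a key type carries no options at all.
        opts = [] if line.startswith(("ssh-", "ecdsa-", "sk-")) else split_options(line)[0]
        names = {o.split("=", 1)[0].lower() for o in opts}
        cmd = next((o.split("=", 1)[1].strip('"') for o in opts
                    if o.lower().startswith("command=")), None)
        problems = []
        if cmd is None or not SVNSERVE_T.match(cmd):
            problems.append("no forced 'svnserve -t' command")
        missing = set() if "restrict" in names else REQUIRED - names
        if missing:
            problems.append("missing " + ", ".join(sorted(missing)))
        if problems:
            findings[n] = problems
    return findings

# Constructed sample; key material and user names are placeholders.
SAMPLE = '''\
command="svnserve -t --tunnel-user=alice -r /srv/svn",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA...placeholder alice
command="svnserve -t",restrict ssh-ed25519 AAAA...placeholder bob
command="svnserve -t",no-pty ssh-ed25519 AAAA...placeholder carol
ssh-ed25519 AAAA...placeholder dave
'''

if __name__ == "__main__":
    print("\n".join(f"line {n}: {'; '.join(p)}" for n, p in audit(SAMPLE).items()))
```

On the sample, the first two entries pass, the third is reported for the forwarding options it leaves enabled, and the fourth for having no forced command at all.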