
SVN - parse tlsext Work-Around

UPDATE  (Apr 2, 2010):  Version 2.2.15 does seem to have fixed this issue - I'd recommend upgrading if possible.

It took me so long to find the solution to this problem that I just had to share...  Ever since last August, after upgrading Apache HTTPD from version 2.2.11 to version 2.2.13, I have had a nagging issue with my Subversion server and "parse tlsext" errors during large commits and other SVN operations (it seems I skipped version 2.2.12 for no apparent reason, but that version had the problem too).

SSL negotiation failed: SSL error: parse tlsext

According to comments on this page, "This issue is most probably because of using multiple SSL enabled VirtualHosts in Apache httpd 2.2.12 - 2.2.14 and OpenSSL 0.9.8f - 0.9.8l".  They do link to a mod_ssl patch which they claim works.  I did not try the patch myself, though - my SVN server is on Windows and I am not about to start building Apache on Windows; I will wait for the binaries to come!  The patch is from November, so hopefully it will make its way into 2.2.15, whenever it is released.

Work Around:
After a bit of Googling I found several forum/mailing-list posts which pointed to disabling Transport Layer Security (TLS) Extensions by adding the following to the VirtualHost entry in the httpd-ssl.conf file:

SSLProtocol -ALL +SSLv3

The critical part I had been missing was that this needs to be added to EACH VirtualHost using SSL on the same port.  Since I have multiple named VirtualHosts running on port 443, even though I had disabled TLS for the affected VirtualHost, TLS was still enabled on the port.  Once I applied this to all VirtualHosts on port 443 everything worked as it should.

Hope it helps someone...
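The point above, that the directive must appear in every VirtualHost sharing port 443, can be checked mechanically. The following is an added example, not code from the original post: it lists the port-443 VirtualHost blocks in a config and reports those without the workaround line. The sample config, host names and function names are constructed for illustration, and only directives written inside each VirtualHost block are considered (no Include files, no server-level inheritance).

```python
import re

# Constructed sample httpd-ssl.conf (host names are made up for this example).
SAMPLE_CONF = """\
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName svn.example.test
    SSLEngine on
    SSLProtocol -ALL +SSLv3
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example.test
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
DIRECTIVE = re.compile(r"^\s*(ServerName|SSLProtocol)\s+(.+?)\s*$", re.I)

def ssl_vhosts(conf_text, port="443"):
    """Return [(server_name, sslprotocol_or_None)] for each VirtualHost on `port`."""
    found, current = [], None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = VHOST_OPEN.match(line)
        if m:
            # A block may list several addresses; match any that ends in :port.
            on_port = any(a.rsplit(":", 1)[-1] == port for a in m.group(1).split())
            current = {"servername": None, "sslprotocol": None} if on_port else None
        elif VHOST_CLOSE.match(line):
            if current is not None:
                found.append((current["servername"], current["sslprotocol"]))
            current = None
        elif current is not None:
            d = DIRECTIVE.match(line)
            if d:
                current[d.group(1).lower()] = d.group(2)
    return found

def missing_workaround(conf_text, wanted="-ALL +SSLv3"):
    """Names of port-443 VirtualHosts whose SSLProtocol is not the workaround value."""
    norm = lambda v: " ".join(v.split()).lower() if v else None
    return [name for name, proto in ssl_vhosts(conf_text) if norm(proto) != norm(wanted)]

if __name__ == "__main__":
    for name in missing_workaround(SAMPLE_CONF):
        print("SSLProtocol workaround missing in VirtualHost:", name)
```

After upgrading to 2.2.15 as the update at the top recommends, the output of `ssl_vhosts` shows which blocks still carry the SSLv3-only line so it can be removed; SSLv3 has since been prohibited by RFC 7568.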


Re: SVN - parse tlsext Work-Around

I'm not sure how I feel about disabling TLS, but this solved the problem on my Arch server with openssl 1.0.0c. Thanks for posting this.
