[ET Trac] #2069: connection failures to svn.cactuscode.org
Roland Haas
trac-noreply at einsteintoolkit.org
Wed Nov 6 14:45:00 CST 2024
#2069: connection failures to svn.cactuscode.org
Reporter: Roland Haas
Status: wontfix
Milestone:
Version: development version
Type: bug
Priority: minor
Component: EinsteinToolkit website
Changes (by Roland Haas):
status: wontfix (was open)
I am getting connection failures to svn.cactuscode.org using svn 1.9.7 on Debian buster (which is starting to phase out tls 1.0 and 1.1 support https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html). Namely I get:
ET_Hack$ svn checkout https://svn.cactuscode.org/projects/ExternalLibraries/zlib/
svn: E170013: Unable to connect to a repository at URL 'https://svn.cactuscode.org/projects/ExternalLibraries/zlib'
svn: E120171: Error running context: An error occurred during SSL communication
and openssl shows:
ET_Hack$ openssl s_client -connect svn.cactuscode.org:443
CONNECTED(00000003)
140481992824064:error:14171102:SSL routines:tls_process_server_hello:unsupported protocol:../ssl/statem/statem_clnt.c:917:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 86 bytes and written 183 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1503529726
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
systems which still allow tls1.0 (eg the QueenBee login nodes) return
$ openssl s_client -connect svn.cactuscode.org:443
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
verify return:1
depth=0 C = US, postalCode = 70803, ST = Louisiana, L = Baton Rouge, street = 110 Thomas Boyd, O = Louisiana State University, OU = LSU A & M, CN = svn.cactuscode.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/postalCode=70803/ST=Louisiana/L=Baton Rouge/street=110 Thomas Boyd/O=Louisiana State University/OU=LSU A & M/CN=svn.cactuscode.org
i:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
1 s:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGgDCCBWigAwIBAgIQHqWvzUQZraL+FC0Gui4TnTANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xNTEyMDEwMDAwMDBaFw0xODExMzAy
MzU5NTlaMIG3MQswCQYDVQQGEwJVUzEOMAwGA1UEERMFNzA4MDMxEjAQBgNVBAgT
CUxvdWlzaWFuYTEUMBIGA1UEBxMLQmF0b24gUm91Z2UxGDAWBgNVBAkTDzExMCBU
aG9tYXMgQm95ZDEjMCEGA1UEChMaTG91aXNpYW5hIFN0YXRlIFVuaXZlcnNpdHkx
EjAQBgNVBAsMCUxTVSBBICYgTTEbMBkGA1UEAxMSc3ZuLmNhY3R1c2NvZGUub3Jn
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA40EHmQwApNBq6wt6VyZ0
hWbeCpkOkYENmksB9kPtxzVSz0gK26nnPl68wyb3gTLN3qhfkH9rxlPNuQoo9L3q
5WnIAUrPgzz+afP/kXMzeUtD4GdKx4NhSFnOaVE8rimz2EiOAx7BC8uxfT+EOJ3i
C07jwSKg8l+1M0SH1BQqjPK8HeVkfAP2jWQVBAThz/TMvs6P9w4yH8aKsUO2DpOw
ocRUvEEvYd6cc4ouuJkhCkosw4NUHC5gCuuoJcVo8wuqR1F+aE8qvtG1CKNTkU6M
5QZgPcqQ4ENwM3SJTlSrWIsqebu24NDacmxc32K2CwLeBEQHM5YCKj1UAODAmtZB
aBD3w7lVO0odunOWI+E/R9NARSpwyCBBCv43TDPDKp48Nmffaj7nhSRIl4hFxtTW
FTC3rkoHL5fuSFWZBNVJDD7iYFsSovDUep9gAAd8szjQQdwdUTIY/ad/xFjS8UX+
Q6myUkLfBDnSQp2lMrDBYmrOBUacwMkFI4gJEyZpWA3RXAZloa8Mmopq8bHthgCN
OjMDf7JAsXNo7OP7n3TIe52XVKtaYpK6OVpZelCaY7huYv/5+oZdqk0A4+ij5RBl
4GukstJQcLSErYiyheesAeSBwXMfQch57uhiB/bUL5W5lRE34Ru6gAckTt7E/Uji
d9jAJ7K/ISCyp2qn9NDRtycCAwEAAaOCAcYwggHCMB8GA1UdIwQYMBaAFB4Fo3eP
bJbiW4dLprSGrHEADOc4MB0GA1UdDgQWBBSuuHX667Gw/EAO8dHJCvbWxYzPHTAO
BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4jAQQDAQEwQjBABggrBgEF
BQcCARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2NlcnQvcmVwb3NpdG9yeS9j
cHNfc3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2Ny
bC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2VydmVyQ0EuY3JsMHUGCCsG
AQUFBwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2NydC51c2VydHJ1c3QuY29t
L0luQ29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9v
Y3NwLnVzZXJ0cnVzdC5jb20wHQYDVR0RBBYwFIISc3ZuLmNhY3R1c2NvZGUub3Jn
MA0GCSqGSIb3DQEBCwUAA4IBAQA8RerhAuPvOngiT4cSmhtiFp+r+i4hXzKB3UwU
J3mjgrOQz3AxbmW1A9CyMEPAxtAhM1GdPmSR8T/KeGEE5/We5uVO1SvFpSA8BmsC
7vjirkNLVMlrIrDM89uUwJi5m/i7yupqhoxdReuuz4NP8PJqzOWSaU4uSvU98/Jq
1K5m4dsFdB+cW4EnO70Qv3Htl7AZUZHCNhRvbmtilQcAa+wTTYzBtJFiQ/GufDd8
DSMAa4icWq80UDdilikkt4IiMsFyEHJ0R6Jwppf3VnWD2Z+AtM5wEY6/Z4Loy0nn
G/yFK5/d8vXprdFI2D3kfEx7YyMldqUwsfeEmu8Lk5bd4zqN
-----END CERTIFICATE-----
subject=/C=US/postalCode=70803/ST=Louisiana/L=Baton Rouge/street=110 Thomas Boyd/O=Louisiana State University/OU=LSU A & M/CN=svn.cactuscode.org
issuer=/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5565 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 02B9ECA6650E99DAB46E41D229C6B6317D5B6649DE5602AAACB85DDA3D4BCB7F
Session-ID-ctx:
Master-Key: 6A79D044DE035A170C384CFFD2AD5B15B5691D518F04597E9A2BA9ED4A14CE93A18B0AB3D9CF65EC73A913FA7AC364EB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1503529970
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
and only fail if tls1.2 is forced:
$ openssl s_client -connect svn.cactuscode.org:443 -tls1_2
CONNECTED(00000003)
47690330324936:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1503530008
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Is there any chance of having LSU update their webserver so that it offer tls 1.2 (around since August 2008)?
Note that chances are that Ubuntu (which branches off from Debian unstable regularly) will pick up this change soon affecting the majority of our new Linux ET users.
For Debian this is a blocker since it prevents me from even downloading the code.
**Keyword:** SSL
Comment (by Roland Haas):
svn.cactuscode.org no longer exists
--
Ticket URL: https://bitbucket.org/einsteintoolkit/tickets/issues/2069/connection-failures-to-svncactuscodeorg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.einsteintoolkit.org/pipermail/trac/attachments/20241106/27a59cb8/attachment-0001.htm>
More information about the Trac
mailing list