Results 1 to 2 of 2

Thread: SVN checkout fails with error 'SSL handshake failed: Secure connection truncated'

  1. #1

    Default SVN checkout fails with error 'SSL handshake failed: Secure connection truncated'

    Hi,


    I have a fresh install of OpenSUSE 12.3 (64 bit). I have set up an SVN repository, which I serve using apache over https (for security reasons). Trying to browse the repositories at https://localhost/svn/master/ works perfectly.


    However, an SVN checkout (from a clear home directory on the server itself):


    Code:
    svn checkout https://localhost/svn/master/0045_http_lib/

    fails with the following error:


    Code:
    svn: E175002: Unable to connect to a repository at URL 'https://localhost/svn/master/0045_http_lib'
    svn: E175002: OPTIONS of 'https://localhost/svn/master/0045_http_lib': SSL handshake failed: Secure connection truncated (https://localhost)

    I tried to diagnose the problem using openssl. The following command:


    Code:
    openssl s_client -tls1_2 -connect localhost:443

    fails with the following error:


    Code:
    CONNECTED(00000003)
    139721060136616:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID: 
        Session-ID-ctx: 
        Master-Key: 
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1371737468
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---

    However, passing -tls1_1 or -tls1 instead of -tls1_2 works fine.


    Does anybody know why this happens? Or, if this is a known bug, whether there is a workaround?


    Many thanks,
    Stefan.


    P.S. Note: The same server configuration seeemed to work fine on OpenSUSE 12.2.

  2. #2

    Default Re: SVN checkout fails with error 'SSL handshake failed: Secure connection truncated'

    I have fixed the problem.

    In case it proves useful for anybody in the future, the solution was to re-issue the server certificate. I suspect the problem was related to a mismatch between the actual server name and the common name in the certificate. Some while ago, the IP of the server had changed, but I kept using the old certificate. The only side effect was a warning, which I used to ignore, as this was a more-or-less private server anyway. That is, until I reached OpenSUSE version 12.3, which seems to be more strict and require a match.

    Cheers,
    Stefan.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •