Bug 439601
Summary: | Neon compiled using GnuTLS library makes subversion fail | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lorenzo Villani <lorenzo> |
Component: | neon | Assignee: | Joe Orton <jorton> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-29 22:15:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lorenzo Villani
2008-03-29 14:49:19 UTC
Can you give the exact https:// URL used to reproduce this? Never mind, I can reproduce it. The problem seems to be that the SSL server at svn.kde.org is requiring use of an (insecure) DES cipher. I'll try to chase this up with the server administrators. I've mailed the KDE webmaster team, they can fix this on the server. GnuTLS doesn't support DES ciphersuites because DES is known to be broken, see http://www.ietf.org/internet-drafts/draft-ietf-tls-des-idea-01.txt Any mod_ssl install requiring use of a DES ciphersuite has undoubtedly been misconfigured, and should be fixed. Allowing use of insecure ciphersuites is simply not desirable; so I'm WONTFIXing this bug. I'll add a note here with feedback from the KDE guys. I meant to also say: thanks a lot for reporting the bug, in any case! No thanks to the Gentoo guys for discovering this 18 months ago and doing nothing about it :( I really hope they'll fix this issue soon. In the meanwhile can you provide a package compiled using OpenSSL as a work-around? (And remove it as soon as they fix their server configuration) You should be able to downgrade to the F8 package. http://koji.fedoraproject.org/koji/buildinfo?buildID=19535 The KDE guys have now fixed their server; can you verify with the Raw Hide svn? (I'm away from my normal test box at the moment) I tested it on my rawhide image inside VirtualBox and asked a friend to do the same test on his rawhide box and it seems that everything is fine. |