Red Hat Bugzilla – Bug 439601
Neon compiled using GnuTLS library makes subversion fail
Last modified: 2008-04-10 13:47:44 EDT
Description of problem:
It seems that on rawhide the neon library (most notably used in subversion) is
linked through GnuTLS library for SSL support.
This library seems to be the cause of errors like:
svn: PROPFIND request failed on '/home/kde/trunk/KDE/kdelibs'
svn: PROPFIND of '/home/kde/trunk/KDE/kdelibs': SSL negotiation failed:
SSL alert received: Handshake failed (https://svn.kde.org)
Re-building neon using OpenSSL instead of GnuTLS solved the problem.
Reference to Gentoo Bugzilla bug id: http://bugs.gentoo.org/show_bug.cgi?id=148306
Version-Release number of selected component: 0.28.1-2
On rawhide use Subversion client linked against neon + GnuTLS to checkout a copy
of any of KDE modules. It will probably fail with the error above.
Can you give the exact https:// URL used to reproduce this?
Never mind, I can reproduce it.
The problem seems to be that the SSL server at svn.kde.org is requiring use of
an (insecure) DES cipher. I'll try to chase this up with the server administrators.
I've mailed the KDE webmaster team, they can fix this on the server.
GnuTLS doesn't support DES ciphersuites because DES is known to be broken, see
Any mod_ssl install requiring use of a DES ciphersuite has undoubtedly been
misconfigured, and should be fixed. Allowing use of insecure ciphersuites is
simply not desirable; so I'm WONTFIXing this bug. I'll add a note here with
feedback from the KDE guys.
I meant to also say: thanks a lot for reporting the bug, in any case!
No thanks to the Gentoo guys for discovering this 18 months ago and doing
nothing about it :(
I really hope they'll fix this issue soon. In the meanwhile can you provide a
package compiled using OpenSSL as a work-around? (And remove it as soon as they
fix their server configuration)
You should be able to downgrade to the F8 package.
The KDE guys have now fixed their server; can you verify with the Raw Hide svn?
(I'm away from my normal test box at the moment)
I tested it on my rawhide image inside VirtualBox and asked a friend to do the
same test on his rawhide box and it seems that everything is fine.