SSL negotiation failed: SSL error: parse tlsext
Submitted by Markus on December 6, 2009 - 13:35
When I tried to update the SVN code repositories, I got a SSL error:
PROPPATCH of
'/codes/home_projects/!svn/wrk/202ce844-28c0-
f54f-a96e-8e5dcf47e73e/trunk/code/wtools/lib/jboss-seam.jar':
SSL negotiation failed: SSL error: parse tlsext
(https://lnx.markusvirtanen.com)
This occured only with very large updates and at first I thought it could have something to do with the SSL timeout. Instead, it was caused by TLS Hostname extensions described in RFC 3546.
To fix the issue, I had to disable the TLSv1 support from the httpd:
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
# SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -TLSv1
Software versions affected are TortoiseSVN 1.6.6.17493 and Apache HTTPd 2.2.13.
/markus
