
SSL on Ubuntu 20.04 causes svn update to fail

After upgrading to Ubuntu 20.04, svn update fails:

svn: E170013: Unable to connect to a repository at URL 'https://svn.xxx.com
svn: E120171: Error running context: An error occurred during SSL communication

Checking with curl -v shows the following:

$ curl -v https://svn.xxx.com
*   Trying 192.168.0.254:443...
* TCP_NODELAY set
* Connected to svn.xxx.com (192.168.0.254) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, bad certificate (554):
* SSL certificate problem: EE certificate key too weak
* Closing connection 0
curl: (60) SSL certificate problem: EE certificate key too weak
More details here: https://curl.haxx.se/docs/sslcerts.html

Fixing the SSL_connect: error:1425F102 .. unsupported protocol problem on Ubuntu 20.04

Ubuntu 20.04 sets the minimum TLS version to 1.2, which causes authentication to fail.
Edit /etc/ssl/openssl.cnf and add the following below oid_section = new_oids:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1

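Retesting gives the following. The "EE certificate key too weak" error is gone, and the remaining failure is that the server certificate is self-signed: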

$ curl -v https://svn.xxx.com
*   Trying 192.168.0.254:443...
* TCP_NODELAY set
* Connected to svn.xxx.com (192.168.0.254) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
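
Because this edit to /etc/ssl/openssl.cnf changes the defaults for every OpenSSL client on the host, it is worth being able to detect it later. The following is an added example, not part of the original post: it follows the openssl_conf -> ssl_conf -> system_default chain and reports a lowered MinProtocol or SECLEVEL. The function names, the embedded sample file (constructed from the settings above) and the TLSv1.2 / security level 2 baseline are assumptions of this example.

```python
import re

# Constructed sample: the override from this page in a minimal openssl.cnf.
SAMPLE_CNF = """\
oid_section = new_oids
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1
"""

PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_cnf(text):
    """Return {section: {key: value}}; '' is the unnamed top section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit_system_default(text, min_protocol="TLSv1.2", min_seclevel=2):
    """Follow openssl_conf -> ssl_conf -> system_default; list weakened settings."""
    s = parse_cnf(text)
    name = s[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)
    target = s.get(name, {})  # empty dict when the chain is absent
    findings = []
    proto = target.get("MinProtocol")
    if proto in PROTOCOLS and PROTOCOLS.index(proto) < PROTOCOLS.index(min_protocol):
        findings.append(f"MinProtocol lowered to {proto}")
    level = re.search(r"@SECLEVEL=(\d)", target.get("CipherString", ""))
    if level and int(level.group(1)) < min_seclevel:
        findings.append(f"SECLEVEL lowered to {level.group(1)}")
    return findings

if __name__ == "__main__":
    print(audit_system_default(SAMPLE_CNF))
```

To audit a real host, pass the contents of /etc/ssl/openssl.cnf to audit_system_default instead of the sample string.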