SSLv3 Vulnerability Addressed

Last month, a vulnerability in SSLv3 named POODLE (Padding Oracle On Downgraded Legacy Encryption) was discovered. It allows man-in-the-middle attackers to view encrypted information in plain text. As a result, SSLv3 is no longer secure, and we have removed this protocol from our servers in favor of TLS.

For most of you, this change will be completely transparent. However, some SVN clients still rely on SSLv3 for encryption when communicating with remote repositories. Unfortunately, these clients will not be able to interact with our servers over HTTPS, and attempts to do so will now likely result in an SSL handshake error.

If you have been experiencing this issue recently, please be sure to update your client to the latest version. Upgrading has solved the issue for most of our customers who experienced it. If upgrading your client does not work for you, feel free to contact us at Support so we can assist you further.

We hope to see SVN clients that rely solely on SSLv3 get updated to support TLS in the near future.

More technical details on the POODLE vulnerability can be found here: https://www.openssl.org/~bodo/ssl-poodle.pdf