Understanding TLS/SSL compatibility levels in VisualSVN Server

Applies to: VisualSVN Server 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3

Note
This article applies to an older version of VisualSVN Server. TLS/SSL compatibility levels for the most recent version of VisualSVN Server are described in the KB195: Understanding TLS/SSL compatibility levels in VisualSVN Server article.

VisualSVN Server allows administrators to choose from three TLS/SSL compatibility levels that enable certain versions of TLS or SSL protocols and certain cipher suites. These levels are based on the recommendations provided by Mozilla's Operations Security group and help administrators to select the compatibility and security level that best suits their environment and requirements.

VisualSVN Server 4.1 and later support the following compatibility levels:

  • Modern

    Protocols: TLS 1.3, TLS 1.2.

    This level provides a high level of security, but is only compatible with latest Subversion clients and browsers. Legacy web browsers, such as Internet Explorer 7 or older and Subversion clients that do not support TLS 1.2 or TLS 1.3 protocols are unable to connect to the server configured to use Modern TLS/SSL compatibility level.

  • Intermediate (default)

    Protocols: TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0.

    This level is reasonably secure and is compatible with the widest range of client software.

  • Legacy

    Protocols: TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0 (deprecated).

    Use this level only if you need to support outdated Subversion clients and browsers.

Configuring TLS/SSL compatibility level via VisualSVN Server Manager console

Follow these steps to change the TLS/SSL compatibility level through the management console:

  1. Start VisualSVN Server Manager console.
  2. Click Action | Properties.
  3. Click Network tab.
  4. In TLS/SSL compatibility level, click Change.
  5. Select the required compatibility level.
  6. Click OK.
  7. Click Apply.

Configuring TLS/SSL compatibility level via VisualSVN Server PowerShell

TLS/SSL compatibility level could be changed by running Set-SvnServerConfiguration VisualSVN Server PowerShell cmdlet. For example, run the following PowerShell command to configure VisualSVN Server with Modern TLS/SSL compatibility level: 

Set-SvnServerConfiguration -SSLCompatibilityLevel Modern

Learn more about Set-SvnServerConfiguration cmdlet in the dedicated section of the article KB88: VisualSVN Server PowerShell Cmdlet Reference

History of changes

The list below summarizes the major changes to the TLS/SSL compatibility levels between different versions of VisualSVN Server:

  • Version 4.1.0. Enable support for TLS 1.3 protocol in all compatibility levels.
  • Version 3.6.0. Initial addition of the TLS/SSL compatibility levels.

See also

KB143: Troubleshooting delays when accessing VisualSVN Server over HTTPS

Last Modified: