Applies to: VisualSVN Server 5.0 and later
VisualSVN Server allows administrators to choose from three TLS/SSL compatibility levels that enable certain versions of TLS or SSL protocols and certain cipher suites. These levels are based on the recommendations provided by Mozilla's Operations Security group and help administrators to select the compatibility and security level that best suits their environment and requirements.
VisualSVN Server 5.0 and later support the following compatibility levels:
Protocols: TLS 1.3.
This level provides a high level of security, but is only compatible with latest Subversion clients and browsers. Legacy web browsers and Subversion clients that do not support TLS 1.3 protocol are unable to connect to the server configured to use Modern TLS/SSL compatibility level.
Protocols: TLS 1.3, TLS 1.2.
This level is reasonably secure and is compatible with the widest range of client software.
Protocols: TLS 1.3, TLS 1.2, TLS 1.1 (deprecated), TLS 1.0 (deprecated).
Use this level only if you need to support outdated Subversion clients and browsers.
Configuring TLS/SSL compatibility level via VisualSVN Server Manager console
Follow these steps to change the TLS/SSL compatibility level through the management console:
- Start VisualSVN Server Manager console.
- Click Action | Properties.
- Click Network tab.
- In TLS/SSL compatibility level, click Change.
- Select the required compatibility level.
- Click OK.
- Click Apply.
Configuring TLS/SSL compatibility level via VisualSVN Server PowerShell
TLS/SSL compatibility level could be changed by running the
VisualSVN Server PowerShell cmdlet.
For example, run the following PowerShell command to configure VisualSVN Server with Modern TLS/SSL compatibility level:
Set-SvnServerConfiguration -SSLCompatibilityLevel Modern
History of changes
The list below summarizes the major changes to the TLS/SSL compatibility levels between different versions of VisualSVN Server:
- Remove deprecated TLS 1.0 and TLS 1.1 protocols from the Intermediate level.
- Remove TLS 1.2 protocol from the Modern level.
- Drop support for SSL 3.0.
- Enable support for TLS 1.3 protocol in all compatibility levels.
- Initial addition of the TLS/SSL compatibility levels.