Understanding TLS/SSL compatibility levels in VisualSVN Server

Applies to: VisualSVN Server 5.0 and later

VisualSVN Server allows administrators to choose from three TLS/SSL compatibility levels that enable certain versions of TLS or SSL protocols and certain cipher suites. These levels are based on the recommendations provided by Mozilla's Operations Security group and help administrators to select the compatibility and security level that best suits their environment and requirements.

VisualSVN Server 5.0 and later support the following compatibility levels:

• Modern

  Protocols: TLS 1.3.

  This level provides a high level of security, but is only compatible with latest Subversion clients and browsers. Legacy web browsers and Subversion clients that do not support TLS 1.3 protocol are unable to connect to the server configured to use Modern TLS/SSL compatibility level.

• Intermediate (default)

  Protocols: TLS 1.3, TLS 1.2.

  This level is reasonably secure and is compatible with the widest range of client software.

• Legacy

  Protocols: TLS 1.3, TLS 1.2, TLS 1.1 (deprecated), TLS 1.0 (deprecated).

  Use this level only if you need to support outdated Subversion clients and browsers.

Configuring TLS/SSL compatibility level via VisualSVN Server Manager console

Follow these steps to change the TLS/SSL compatibility level through the management console:

1. Start VisualSVN Server Manager console.
2. Click Action | Properties.
3. Click Network tab.
4. In TLS/SSL compatibility level, click Change.
5. Select the required compatibility level.
6. Click OK.
7. Click Apply.

Configuring TLS/SSL compatibility level via VisualSVN Server PowerShell

TLS/SSL compatibility level could be changed by running the Set-SvnServerConfiguration VisualSVN Server PowerShell cmdlet.

For example, run the following PowerShell command to configure VisualSVN Server with Modern TLS/SSL compatibility level:

Set-SvnServerConfiguration -SSLCompatibilityLevel Modern

History of changes

The list below summarizes the major changes to the TLS/SSL compatibility levels between different versions of VisualSVN Server:

• VisualSVN Server 5.0.0

  • Remove deprecated TLS 1.0 and TLS 1.1 protocols from the Intermediate level.
  • Remove TLS 1.2 protocol from the Modern level.
  • Drop support for SSL 3.0.

• VisualSVN Server 4.1.0

  • Enable support for TLS 1.3 protocol in all compatibility levels.

• VisualSVN Server 3.6.0

  • Initial addition of the TLS/SSL compatibility levels.

See also

KB143: Troubleshooting delays when accessing VisualSVN Server over HTTPS