Applies to: VisualSVN Server 5.0 and later
This article describes the changes to the TLS/SSL compatibility levels in VisualSVN Server 5.0 due to Transport Layer Security (TLS) 1.0 and 1.1 being deprecated. The main change is that the default Intermediate TLS/SSL compatibility level in VisualSVN Server 5.0 no longer supports TLS 1.0 and TLS 1.1 protocols.
TLS/SSL compatibility levels in VisualSVN Server 5.0 and later
VisualSVN Server allows administrators to choose from three TLS/SSL compatibility levels that enable certain versions of TLS or SSL protocols and certain cipher suites. The following table shows how these levels are different in VisualSVN Server 5.0 compared to previous versions.
|VisualSVN Server 4.1 – 4.3||VisualSVN Server 5.0 and later|
|Modern||TLS 1.3, TLS 1.2||TLS 1.3|
|Intermediate||TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0||TLS 1.3, TLS 1.2|
|Legacy||TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0||TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0|
What happens during upgrade
When upgrading from versions prior to VisualSVN Server 5.0, the installation wizard will automatically suggest a new TLS/SSL compatibility level setting based on the current configuration. Please see the following table for details.
|Before upgrade||After upgrade||Notes|
Despite changing the level, this transition is transparent to
existing clients as both TLS 1.2 and TLS 1.3 remain enabled. To
maintain the highest level of security and performance, consider
switching back to the Modern level that now enables TLS 1.3 only.
When switching to the Modern level, ensure that your server is equipped with an SSL certificate that supports TLS 1.3. For additional details, see the KB154: Troubleshooting certificate issues related to TLS 1.3 support article.
|Intermediate||Intermediate||Upon the transition, clients using deprecated TLS 1.0 or TLS 1.1 will not be able to connect to the server. These may include any clients that have not been updated for a while. For example, it may be a relatively old Java-based client that is used for a build-server, bug-tracking system, or other third-party tool integrated with your server. If you need to maintain compatibility with old clients, consider lowering the level to Legacy.|
|Legacy||Legacy||Upon the transition, clients using deprecated SSL 3.0 will not be able to connect to the server. These clients must be updated to use a newer version of the TLS protocol, preferably TLS 1.2 or higher.|