Changes to TLS/SSL compatibility levels related to the deprecation of TLS 1.0/1.1

Applies to: VisualSVN Server 5.0 and later

This article describes the changes to the TLS/SSL compatibility levels in VisualSVN Server 5.0 due to Transport Layer Security (TLS) 1.0 and 1.1 being deprecated. The main change is that the default Intermediate TLS/SSL compatibility level in VisualSVN Server 5.0 no longer supports TLS 1.0 and TLS 1.1 protocols.

TLS/SSL compatibility levels in VisualSVN Server 5.0 and later

VisualSVN Server allows administrators to choose from three TLS/SSL compatibility levels that enable certain versions of TLS or SSL protocols and certain cipher suites. The following table shows how these levels are different in VisualSVN Server 5.0 compared to previous versions.

VisualSVN Server 4.1 – 4.3 VisualSVN Server 5.0 and later
Modern TLS 1.3, TLS 1.2 TLS 1.3
Intermediate TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 TLS 1.3, TLS 1.2
Legacy TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0 TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0
Note
VisualSVN Server 5.0 also features other changes in TLS/SSL compatibility settings that are not directly related to the deprecation of TLS 1.0 and TLS 1.1 protocols. This includes dropping support for the outdated SSL 3.0 protocol.

What happens during upgrade

When upgrading from versions prior to VisualSVN Server 5.0, the installation wizard will automatically suggest a new TLS/SSL compatibility level setting based on the current configuration. Please see the following table for details.

TLS/SSL compatibility levels suggested during upgrade to VisualSVN Server 5.0 and later
Before upgrade After upgrade Notes
Modern Intermediate Despite changing the level, this transition is transparent to existing clients as both TLS 1.2 and TLS 1.3 remain enabled. To maintain the highest level of security and performance, consider switching back to the Modern level that now enables TLS 1.3 only.
Note
When switching to the Modern level, ensure that your server is equipped with an SSL certificate that supports TLS 1.3. For additional details, see the KB154: Troubleshooting certificate issues related to TLS 1.3 support article.
Intermediate Intermediate Upon the transition, clients using deprecated TLS 1.0 or TLS 1.1 will not be able to connect to the server. These may include any clients that have not been updated for a while. For example, it may be a relatively old Java-based client that is used for a build-server, bug-tracking system, or other third-party tool integrated with your server. If you need to maintain compatibility with old clients, consider lowering the level to Legacy.
Legacy Legacy Upon the transition, clients using deprecated SSL 3.0 will not be able to connect to the server. These clients must be updated to use a newer version of the TLS protocol, preferably TLS 1.2 or higher.

See also

KB195: Understanding TLS/SSL compatibility levels in VisualSVN Server

Last Modified: