Error 'tlsv1 alert protocol version' when connecting to the server with an outdated Subversion client

Applies to: VisualSVN Server 5.0 and later

Symptoms

You may receive the following error message when connecting to VisualSVN Server using an outdated Subversion client that does not support TLS 1.2 and TLS 1.3:

svn: E175002: OPTIONS of 'https://svn1.example.com/svn/MyRepo': SSL handshake failed: SSL error: tlsv1 alert protocol version (https://svn1.example.com)

The following outdated client versions are affected:

  • TortoiseSVN version 1.7.8 or older.
  • Subversion command-line client version 1.8.x or older.
  • All clients based on Java 7 or older.

Cause

The default Intermediate TLS/SSL compatibility level in VisualSVN Server 5.0 no longer supports TLS 1.0 and TLS 1.1 protocols and enables only TLS 1.3 and TLS 1.2. The error occurs because the outdated Subversion client does not support the TLS protocol versions 1.2 and 1.3 and cannot establish a secure connection to VisualSVN Server.

Please read the article KB196: Changes to TLS/SSL compatibility levels related to the deprecation of TLS 1.0/1.1 for more information.

Resolution

Resolving this issue requires that you either upgrade all your outdated Subversion clients or change the TLS/SSL compatibility level to Legacy. You can find more information below.

Solution #1: Upgrading the Subversion client

Modern and up to date versions of the Subversion client support TLS 1.2 and 1.3. Upgrading your Subversion client will resolve the issue.

Solution #2: Changing the TLS/SSL compatibility level to Legacy

If you need to maintain compatibility with old Subversion clients that do not support TLS 1.2 and TLS 1.3, consider lowering the TLS/SSL compatibility level to Legacy. The Legacy level enables TLS 1.3, TLS 1.2, TLS 1.1 and TLS 1.0.

Follow these steps to change the TLS/SSL compatibility level through the VisualSVN Server Manager console:

  1. Start the VisualSVN Server Manager console.
  2. Click Action | Properties.
  3. Click the Network tab.
  4. In TLS/SSL compatibility level, click Change.
  5. Select the Legacy compatibility level.
  6. Click OK.
  7. Click Apply.

Upon clicking Apply, the VisualSVN Server services will restart and the Legacy TLS/SSL compatibility level will become active. For more information about the TLS/SSL compatibility levels, please read the article KB195.

Note
It is still strongly recommended that users upgrade Subversion clients to the latest version. When all users upgrade to the latest version, the TLS/SSL compatibility level can be changed back to Intermediate.

See also

KB174: Upgrading to VisualSVN Server 5.0
KB195: Understanding TLS/SSL compatibility levels in VisualSVN Server
KB196: Changes to TLS/SSL compatibility levels related to the deprecation of TLS 1.0/1.1

Last Modified: