Thursday, May 20, 2010

Java for Mac OS X 10.5 Update 7 causes problem with Eclipse SVN

Yesterday I updated my Mac Java version to Update 7 - it's always better to use new things, isn't it ? :) Alas, after the upgrade my Eclipse Subversion plugin stopped working - every attempt of interaction with SVN (browsing, commit etc) caused freezing.

After long and painful investigation I've narrowed the problem: it occurs when using SVNKit with some (not all) SVN servers that use HTTPS client certificate authentication. It turned out that Java Update 7 fixes a security vulnerability by disabling SSL renegotiation. As the server tries to renegotiate SSL session and client (using JSSE) refuses, the whole process enters infinite loop with SVNKit log showing "javax.net.ssl.SSLHandshakeException: renegotiation is not allowed".

The workaround is to re-enable SSL renegotiation in JSEE (yes, this means exposing yourself to the vulnerability again). To do this, set the JVM option allowUnsafeRenegotiation:

-Dsun.security.ssl.allowUnsafeRenegotiation=true
In case of Eclipse, it can be set in eclipse.ini.