An SSL connection method for CVS (sserver)

Rolf Wilms , 2005-07-03



Using the CVS SSL plugin Eclipse can connect to CVS and CVSNT over TCP/IP in a secure way with minimum installation effort. New releases of CVSNT support the sserver protocol out-of-the-box.


Client Requirements

Server Requirements

Download the Plug-in

Check this site for downloads and updates


Copy this plug-in into your Eclipse plugins folder and restart Eclipse.


After installation, there are two additional options named cvsnt-sserver and cvs-sserver available from the connection type selection drop-down list in the settings for a CVS repository location. Selecting one of these protocols will use the sserver connection method for the repository location.

Use cvsnt-sserver for CVSNT sserver and cvs-sserver for sserver on Unix CVS.


In Preferences/Team/CVS there is an additional preference page named SSL Connection Method. This preference page works with either connection type. Here you specify which certificates and keys to use for SSL:

Preference Setting Description
Accept All Accepts all certificates from the server, no matter how these are signed. This is useful if you're only interested in the encrytion provided by SSL and just don't care about certificates.
Default Truststore Use the truststore provided by standard/default Java settings for verifying server certificates.
Custom Truststore Provide a custom truststore for verifying server certificates.
Truststore File The file with the custom truststore
Truststore Password The password for the custom truststore
Default Keystore Use the keystore provided by standard/default Java settings for keeping client keys and certificates.
Custom Keystore Provide a custom keystore for keeping client keys and certificates.
Keystore File The file with the custom keystore
Keystore Password The password for the custom keystore

With the default settings you should be able to connect to CVSNT using sserver as if you were using pserver and the SSL layer used with sserver only provides the encryption. The actual authentication against the server still relies on the mechanisms known from pserver.

During SSL handshake the Preferences/Team/CVS/Communication timeout value is used, which defaults to 60 seconds. If you experience timeout problems you may try raising this value.


The whole traffic between client and server can be traced and printed to stdout. This is configured using the .options file located in the CVS SSL plugin folder. The .options file defaults are: = false = false
which disables logging the traffic. It can be enabled by setting the options to = true = true
These options can also be set on the Tracing page of the PDE launcher if you start Eclipse from within Eclipse.

The trace output combines messages from the server and the client. Messages sent by the client are prefixed with "C>" and messages from the server are prefixed with "S>".

Useful commands


The CVSNT documentation is here.

If you are interested in using your own certificates, consult the JavaTM Secure Socket Extension (JSSE) Reference Guide, especially Installation and Customization. Also don't miss keytool - Key and Certificate Management Tool.

For conversion between different certificate file formats you may use OpenSSL. Then you can


You may send feedback concerning this plugin to Rolf Wilms ( I'm interested in bug reports but also like to know if it works for you.


See about.html.

Release Notes

Version 3.1.0, 2005-07-03

Version 3.0.7, 2004-04-28

Version 3.0.6, 2004-04-13

Version 1.0.6, 2004-04-09

Version 1.0.4, 2004-01-07

Version 1.0.3, 2004-01-05

Version 1.0.2, 2003-08-31

Version 1.0.1, 2003-08-11

Version 1.0.0, 2003-05-31