[PATCH] https: support tls sni (server name indication) for https urls (issue3090)

Julien Cristau julien.cristau at logilab.fr
Tue Jan 13 11:28:55 CST 2015


On Tue, Jan 13, 2015 at 10:09:14 -0700, Alex Orange wrote:

> Could you expand a little more on why create_default_context would be
> any better? I'm looking to make a minimal change to the existing code,
> which it looks like create_default_context would not be (having to
> determine purpose for instance). Also, it sounds like the default
> protocol version (PROTOCOL_SSLv23) is lower than what we want anyways.

Actually PROTOCOL_SSLv23 is exactly what you want, AIUI.  SSLv23 is
badly named, it means "the best protocol version supported by both
client and server" (meaning most likely TLS 1.1 or 1.2 these days),
whereas PROTOCOL_TLSv1 means "TLS v1.0" and nothing newer.  And the
default Python 2.7.9 settings disable SSLv2 and SSLv3, so at worst it'll
give you TLS 1.0.

Cheers,
Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances
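
An added example, not part of the message above or of Mercurial's code, written for Python 3: it captures the ClientHello that a version-negotiating context from create_default_context() produces, using in-memory BIOs, and reads back the SNI host name and the protocol versions the client offers. The host name "example.test" and the helper names are constructed for illustration.

```python
import ssl
import struct

# Wire values of the protocol versions a ClientHello can name.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def capture_client_hello(ctx, hostname):
    """Start a handshake over in-memory BIOs; return the client's first flight."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, so no ServerHello ever arrives
    return outgoing.read()

def parse_client_hello(data):
    """Return (SNI host name or None, names of the versions the client offers)."""
    payload, pos = b"", 0
    while pos + 5 <= len(data):  # reassemble handshake bytes from TLS records
        rtype, _, rlen = struct.unpack_from("!BHH", data, pos)
        if rtype == 22:
            payload += data[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    if not payload or payload[0] != 1:
        raise ValueError("not a ClientHello")
    # Without a supported_versions extension, legacy_version is the maximum offered.
    offered = [struct.unpack_from("!H", payload, 4)[0]]
    pos = 4 + 2 + 32                                      # header, version, random
    pos += 1 + payload[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", payload, pos)[0]  # cipher_suites
    pos += 1 + payload[pos]                               # compression_methods
    end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
    pos, sni = pos + 2, None
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", payload, pos)
        body = payload[pos + 4:pos + 4 + elen]
        if etype == 0:     # server_name: list_len(2) name_type(1) name_len(2) name
            sni = body[5:5 + struct.unpack_from("!H", body, 3)[0]].decode("ascii")
        elif etype == 43:  # supported_versions: len(1), then 2-byte versions
            offered = [v for (v,) in struct.iter_unpack("!H", body[1:1 + body[0]])]
        pos += 4 + elen
    return sni, sorted(VERSIONS[v] for v in offered if v in VERSIONS)

if __name__ == "__main__":
    # "example.test" is a constructed host name; nothing is sent over the network.
    hello = capture_client_hello(ssl.create_default_context(), "example.test")
    print(parse_client_hello(hello))
```

The list of offered versions depends on the local Python and OpenSSL build, so it is a quick way to check what a given client configuration actually puts on the wire.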

