[PATCH] https: support tls sni (server name indication) for https urls (issue3090)
Matt Mackall
mpm at selenic.com
Tue Jan 13 12:25:31 CST 2015

On Tue, 2015-01-13 at 18:28 +0100, Julien Cristau wrote:
> On Tue, Jan 13, 2015 at 10:09:14 -0700, Alex Orange wrote:
>
> > Could you expand a little more on why create_default_context would be
> > any better? I'm looking to make a minimal change to the existing code,
> > which it looks like create_default_context would not be (having to
> > determine purpose for instance). Also, it sounds like the default
> > protocol version (PROTOCOL_SSLv23) is lower than what we want anyways.
>
> Actually PROTOCOL_SSLv23 is exactly what you want, AIUI. SSLv23 is
> badly named, it means "the best protocol version supported by both
> client and server" (meaning most likely TLS 1.1 or 1.2 these days),
> whereas PROTOCOL_TLSv1 means "TLS v1.0" and nothing newer. And the
> default Python 2.7.9 settings disable SSLv2 and SSLv3, so at worst it'll
> give you TLS 1.0.

We support many versions of Python besides 2.7.9 though, and we want to
continue to disable non-TLS in all of them.
--
Mathematics is the supreme nostalgia of our time.