[PATCH] https: support tls sni (server name indication) for https urls (issue3090)

Alex Orange crazycasta at gmail.com
Tue Jan 13 12:40:53 CST 2015


Just to clarify (I understand the confusion), SSLContext has not been
available until Python 2.7.9, so no changes we make here will have any
effect on Python versions less than 2.7.9.

Alex

On Tue, Jan 13, 2015 at 11:25 AM, Matt Mackall <mpm at selenic.com> wrote:

> On Tue, 2015-01-13 at 18:28 +0100, Julien Cristau wrote:
> > On Tue, Jan 13, 2015 at 10:09:14 -0700, Alex Orange wrote:
> >
> > > Could you expand a little more on why create_default_context would be
> > > any better? I'm looking to make a minimal change to the existing code,
> > > which it looks like create_default_context would not be (having to
> > > determine purpose for instance). Also, it sounds like the default
> > > protocol version (PROTOCOL_SSLv23) is lower than what we want anyways.
> >
> > Actually PROTOCOL_SSLv23 is exactly what you want, AIUI.  SSLv23 is
> > badly named, it means "the best protocol version supported by both
> > client and server" (meaning most likely TLS 1.1 or 1.2 these days),
> > whereas PROTOCOL_TLSv1 means "TLS v1.0" and nothing newer.  And the
> > default python 2.7.9 settings disable SSLv2 and SSLv3, so at worst it'll
> > give you TLS 1.0.
>
> We support many versions of Python besides 2.7.9 though, and we want to
> continue to disable non-TLS in all of them.
>
> --
> Mathematics is the supreme nostalgia of our time.
>
>
>
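Added example, not part of the original thread and not Mercurial's code: a client-side sketch of the trade-off discussed above, using PROTOCOL_SSLv23 with SSLv2/SSLv3 disabled plus SNI where SSLContext exists, and pinning PROTOCOL_TLSv1 where it does not. The function names `make_client_context` and `wrap_client_socket`, the `ca_certs` parameter, and the shape of the pre-2.7.9 fallback are assumptions made for illustration.

```python
import ssl
import warnings


def make_client_context(ca_certs=None):
    """Negotiate the best shared protocol version, with SSLv2/SSLv3 switched off."""
    with warnings.catch_warnings():
        # Current Python 3 flags PROTOCOL_SSLv23 and the OP_NO_* options as deprecated.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_certs:
        ctx.load_verify_locations(ca_certs)
    else:
        ctx.load_default_certs()
    return ctx


def wrap_client_socket(sock, hostname, ca_certs=None):
    """Wrap sock for TLS, sending hostname as SNI when the runtime allows it."""
    if hasattr(ssl, "SSLContext"):
        # Python 2.7.9+ and Python 3: server_hostname puts the name in the ClientHello.
        ctx = make_client_context(ca_certs)
        return ctx.wrap_socket(sock, server_hostname=hostname)
    # Older Python (assumed fallback): no SSLContext, so no SNI and no option
    # flags. Pinning PROTOCOL_TLSv1 is a straightforward way to refuse
    # SSLv2/SSLv3 here; the caller must still check the certificate's hostname.
    return ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1,
                           cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_certs)
```

The handshake only runs once the wrapped socket is connected, so wrapping an unconnected socket is enough to inspect the options and the SNI name offline.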