Mercurial failing on TLSv1.2 repos, but I wrote a patch

Matt Mackall mpm at
Mon Jul 20 15:49:20 CDT 2015

On Mon, 2015-07-20 at 17:24 +0000, Warren Melnick wrote:
> Then how can I enable TLSv1.2 if TLSv1.0 is hardcoded, which is what
> this code does?  Or perhaps TLSv1.2 should be hardcoded already since
> there are already problems with TLSv1.0 and 1.1

What version of Python are you using?

If 2.7.9, you should be getting this code path, which should do TLS v1.0
or higher:

For older versions of Python, you'll hit this path:

because the OP_* bits to do fine-grained selection aren't available.

(The current known problems in TLSv1.0 and v1.1 can all be mitigated by
clients and libraries, whereas SSLv2/v3 issues like POODLE are
fundamentally unfixable in the protocol.)

Mathematics is the supreme nostalgia of our time.

More information about the Mercurial-devel mailing list