Mercurial failing on TLSv1.2 repos, but I wrote a patch
Matt Mackall
mpm at selenic.com
Mon Jul 20 15:49:20 CDT 2015
On Mon, 2015-07-20 at 17:24 +0000, Warren Melnick wrote:
> Then how can I enable TLSv1.2 if TLSv1.0 is hardcoded, which is what
> this code does? Or perhaps TLSv1.2 should be hardcoded already since
> there are already problems with TLSv1.0 and 1.1
What version of Python are you using?
If 2.7.9, you should be getting this code path, which should do TLS v1.0
or higher:
https://selenic.com/hg/file/tip/mercurial/sslutil.py#l31
For older versions of Python, you'll hit this path:
https://selenic.com/hg/file/tip/mercurial/sslutil.py#l53
because the OP_* bits to do fine-grained selection aren't available.
(The current known problems in TLSv1.0 and v1.1 can all be mitigated by
clients and libraries, whereas SSLv2/v3 issues like POODLE are
fundamentally unfixable in the protocol.)
--
Mathematics is the supreme nostalgia of our time.
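
The two code paths described in the message above, as an added example that is not part of the original post and is not the code in mercurial/sslutil.py. The helper names `make_client_context` and `versions_not_masked` are hypothetical, chosen for this illustration. The example shows why the `OP_*` path can reach TLSv1.2 while the pinned fallback cannot.

```python
import ssl
import warnings

# Hypothetical helper names; this is not the code in mercurial/sslutil.py.
_MASKS = [("SSLv2", "OP_NO_SSLv2"), ("SSLv3", "OP_NO_SSLv3"),
          ("TLSv1.0", "OP_NO_TLSv1"), ("TLSv1.1", "OP_NO_TLSv1_1"),
          ("TLSv1.2", "OP_NO_TLSv1_2")]


def make_client_context():
    """Return (context, strategy); context is None on the legacy path."""
    if hasattr(ssl, "SSLContext") and hasattr(ssl, "OP_NO_SSLv3"):
        # Flexible path: start from "negotiate the highest shared version"
        # and mask off only the SSL protocols, leaving TLS 1.0 and higher.
        with warnings.catch_warnings():
            # Newer Pythons deprecate these spellings but still accept them.
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0) | ssl.OP_NO_SSLv3
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_default_certs()
        return ctx, "negotiate"
    # Legacy path: without SSLContext and the OP_* bits the caller can only
    # pass ssl_version=ssl.PROTOCOL_TLSv1 to ssl.wrap_socket(), which pins
    # exactly TLS 1.0, so a server that accepts only TLSv1.2 will fail.
    return None, "pinned-tls1.0"


def versions_not_masked(ctx):
    """Protocol versions that the context's option bits do not switch off.

    Option bits only: the OpenSSL build or system policy may still impose
    a higher minimum version than this list suggests.
    """
    allowed = []
    for name, flag in _MASKS:
        bit = getattr(ssl, flag, None)
        if not bit:
            # Flag missing or 0: the linked OpenSSL cannot speak this
            # version at all (typical for SSLv2), so never list it.
            continue
        if not ctx.options & bit:
            allowed.append(name)
    return allowed


if __name__ == "__main__":
    context, strategy = make_client_context()
    print(strategy, versions_not_masked(context) if context else ["TLSv1.0"])
```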