Mercurial failing on TLSv1.2 repos, but I wrote a patch

Warren Melnick wmelnick at millenniumweb.com
Mon Jul 20 16:01:36 CDT 2015


I am using 2.6.  It hits that line which says TLSv1 (line 55, as highlighted in your example).  TLSv1 is NOT TLSv1.x, it is TLSv1.0 only.  The only one that gives the choice of TLS is SSLv23, it is just very poorly named.  See the chart here: https://docs.python.org/2/library/ssl.html#socket-creation
-- 
Warren Melnick
Director of IT & Security


On 7/20/15, 4:49 PM, "Matt Mackall" <mpm at selenic.com> wrote:

>On Mon, 2015-07-20 at 17:24 +0000, Warren Melnick wrote:
>> Then how can I enable TLSv1.2 if TLSv1.0 is hardcoded, which is what
>> this code does?  Or perhaps TLSv1.2 should be hardcoded already since
>> there are already problems with TLSv1.0 and 1.1
>
>What version of Python are you using?
>
>If 2.7.9, you should be getting this code path, which should do TLS v1.0
>or higher:
>
>https://selenic.com/hg/file/tip/mercurial/sslutil.py#l31
>
>For older versions of Python, you'll hit this path:
>
>https://selenic.com/hg/file/tip/mercurial/sslutil.py#l53
>
>because the OP_* bits to do fine-grained selection aren't available.
>
>(The current known problems in TLSv1.0 and v1.1 can all be mitigated by
>clients and libraries, whereas SSLv2/v3 issues like POODLE are
>fundamentally unfixable in the protocol.)
>
>-- 
>Mathematics is the supreme nostalgia of our time.
>
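
The difference between the two constants discussed in this thread can be checked without a server by reading the version field of the ClientHello each context produces. This is an added example, not part of the original messages or of Mercurial's sslutil.py; it assumes Python 3.5+ (for `ssl.MemoryBIO`), and the helper name `offered_version` is hypothetical.

```python
import ssl
import warnings


def offered_version(protocol_name):
    """Return the (major, minor) client_version that a client context built
    from ssl.<protocol_name> puts in its ClientHello, or None when the local
    Python/OpenSSL build refuses that protocol. No network I/O happens."""
    protocol = getattr(ssl, protocol_name, None)
    if protocol is None:
        return None
    try:
        with warnings.catch_warnings():
            # Newer Pythons flag these legacy constants as deprecated.
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx = ssl.SSLContext(protocol)
            # Negotiate, but never fall back to SSLv2/SSLv3.
            ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
            incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
            conn = ctx.wrap_bio(incoming, outgoing, server_side=False)
            try:
                conn.do_handshake()
            except ssl.SSLWantReadError:
                pass  # ClientHello is written; no server will ever answer
            hello = outgoing.read()
    except (OSError, ValueError):
        return None  # protocol disabled or unsupported in this build
    # Record header: type(1) version(2) length(2), then handshake header:
    # msg_type(1) length(3), then ClientHello.client_version(2).
    if len(hello) < 11 or hello[0] != 0x16 or hello[5] != 0x01:
        return None
    return hello[9], hello[10]


if __name__ == "__main__":
    # (3, 1) is TLS 1.0, (3, 3) is TLS 1.2 (also the legacy value sent
    # by clients that additionally offer TLS 1.3).
    for name in ("PROTOCOL_TLSv1", "PROTOCOL_SSLv23"):
        print(name, "offers", offered_version(name))
```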

