[PATCH 3 of 5 V3] sslutil: require TLS 1.1+ when supported
gregory.szorc at gmail.com
Thu Jul 14 22:47:48 EDT 2016
On Thu, Jul 14, 2016 at 6:18 PM, Pierre-Yves David <
pierre-yves.david at ens-lyon.org> wrote:
> On 07/14/2016 06:50 AM, Gregory Szorc wrote:
> > # HG changeset patch
> > # User Gregory Szorc <gregory.szorc at gmail.com>
> > # Date 1468470954 25200
> > # Wed Jul 13 21:35:54 2016 -0700
> > # Node ID b4527c8cec88824c15936f64e7d5ea59c5d54bee
> > # Parent 6a6d56e1391ff7e1468ef1b44b7e4c5cbe406f7b
> > sslutil: require TLS 1.1+ when supported
> This change is scary (as in, a large base of our users will probably
> explode) but I think I agree we should do it.
> However, I would probably advocate to actually change the default at the
> beginning of the 4.0 cycle to have a longer period to test it.
> If others agree, I would be happy to take a V2, where the default is
> unchanged but the documentation recommends tls1.1 for newer python. The
> rest of the series looks fine to me.
I recognize that this and the patch after it (a warning when only TLS 1.0
is available) are scary. I would like to hear another opinion before I drop
them. I plan on sending a revised series in an hour or two. I'll hold the
course with dropping default compatibility with TLS 1.0 until someone else