[Bug 5313] New: SSL errors on Windows

mercurial-bugs at selenic.com mercurial-bugs at selenic.com
Mon Jul 25 06:19:23 EDT 2016


            Bug ID: 5313
           Summary: SSL errors on Windows
           Product: Mercurial
           Version: 3.9-rc
          Hardware: PC
                OS: Windows
            Status: UNCONFIRMED
          Severity: bug
          Priority: urgent
         Component: Mercurial
          Assignee: bugzilla at selenic.com
          Reporter: matt_harbison at yahoo.com
                CC: gregory.szorc at gmail.com,
                    kbullock+mercurial at ringworld.org,
                    mercurial-devel at selenic.com

I installed the 3.9-rc on Win7 x32 using the inno installer, and when I pull
from https://mercurial-scm.org/hg, I get the following:

$ hg in https://mercurial-scm.org/hg --debug
using https://mercurial-scm.org/hg
sending capabilities command
abort: error: unknown error (_ssl.c:628)

$ hg debuginstall
checking encoding (UTF-8)...
checking Python executable (c:\Program Files\Mercurial\hg.exe)
checking Python version (2.7.12)
checking Python lib (c:\Program Files\Mercurial\lib\library.zip)...
checking Mercurial version (3.9-rc)
checking Mercurial custom build ()
checking module policy (c)
checking installed modules (c:\Program
checking templates (c:\Program Files\Mercurial\templates)...
checking default template (c:\Program
checking commit editor... ("C:/Program Files/Notepad++/notepad++.exe")
checking username (Matt Harbison <mharbison at attotech.com>)
no problems detected

I had an ancient python 2.7 installed, and pulling using the local development
hg repo warned about using TLS 1.0.  (I assume that version didn't know about
TLS1.1+.)  Once I upgraded to 2.7.12, pulling using the local development repo
fails in the same way.

I tried to replicate this using the 64 bit installer on another machine, and
instead got a message saying "could not negotiate a common protocol", followed
by an SSL error.  This seems to be simply that the website only supports TLS
1.0, as it can be avoided with '--config hostsecurity.minimumprotocol=tls1.0". 
So this part is an infrastructure issue.  But I have no idea how to go about
debugging the first part.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the Mercurial-devel mailing list