[PATCH] added tls 1.3 support - done during IETF101 Hackathon
Codarren Velvindron
codarren at hackers.mu
Sun Mar 18 08:04:18 UTC 2018
# HG changeset patch
# User Codarren Velvindron <codarren at hackers.mu>
# Date 1521360069 -14400
# Sun Mar 18 12:01:09 2018 +0400
# Node ID a47713f3cc05fafceed9bc8086734ffed65d51a5
# Parent 2d5d3033ff4ea2aab42bcc14af4db2cd3bccc455
[PATCH] added tls 1.3 support
-done during the IETF101 Hackathon
diff -r 2d5d3033ff4e -r a47713f3cc05 i18n/ja.po
--- a/i18n/ja.po Thu Mar 15 11:19:16 2018 -0700
+++ b/i18n/ja.po Sun Mar 18 12:01:09 2018 +0400
@@ -21618,8 +21618,8 @@
" æå®ãç¡ãå ´åã æ¥ç¶å
ï¼å
ã®ä¸¡æ¹ã§ä½¿ç¨å¯è½ãª TLS ãã¼ã¸ã§ã³ããã\n"
" ææ°ã®ãã®ãæ¡ç¨ããã¾ãã"
-msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``."
-msgstr " æå®å¯è½ãªå¤ã¯ ``tls1.0``, ``tls1.1``, ``tls1.2`` ã§ãã"
+msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``."
+msgstr " æå®å¯è½ãªå¤ã¯ ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3`` ã§ãã"
msgid ""
" When running on an old Python version, only ``tls1.0`` is allowed since\n"
diff -r 2d5d3033ff4e -r a47713f3cc05 i18n/pt_BR.po
--- a/i18n/pt_BR.po Thu Mar 15 11:19:16 2018 -0700
+++ b/i18n/pt_BR.po Sun Mar 18 12:01:09 2018 +0400
@@ -24854,8 +24854,8 @@
" Por padrão, será usado o maior nÃvel de TLS suportado tanto\n"
" pelo servidor como pelo cliente."
-msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``."
-msgstr " Os valores permitidos são: ``tls1.0``, ``tls1.1``, ``tls1.2``."
+msgid " Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``."
+msgstr " Os valores permitidos são: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``."
msgid ""
" When running on an old Python version, only ``tls1.0`` is allowed since\n"
diff -r 2d5d3033ff4e -r a47713f3cc05 mercurial/help/config.txt
--- a/mercurial/help/config.txt Thu Mar 15 11:19:16 2018 -0700
+++ b/mercurial/help/config.txt Sun Mar 18 12:01:09 2018 +0400
@@ -1163,7 +1163,7 @@
By default, the highest version of TLS supported by both client and server
is used.
- Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``.
+ Allowed values are: ``tls1.0``, ``tls1.1``, ``tls1.2``, ``tls1.3``.
When running on an old Python version, only ``tls1.0`` is allowed since
old versions of Python only support up to TLS 1.0.
diff -r 2d5d3033ff4e -r a47713f3cc05 mercurial/sslutil.py
--- a/mercurial/sslutil.py Thu Mar 15 11:19:16 2018 -0700
+++ b/mercurial/sslutil.py Sun Mar 18 12:01:09 2018 +0400
@@ -34,17 +34,20 @@
'tls1.0',
'tls1.1',
'tls1.2',
+ 'tls1.3',
}
hassni = getattr(ssl, 'HAS_SNI', False)
-# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
+# TLS 1.1, 1.2 and 1.3 may not be supported if the OpenSSL Python is compiled
# against doesn't support them.
supportedprotocols = {'tls1.0'}
if util.safehasattr(ssl, 'PROTOCOL_TLSv1_1'):
supportedprotocols.add('tls1.1')
if util.safehasattr(ssl, 'PROTOCOL_TLSv1_2'):
supportedprotocols.add('tls1.2')
+if util.safehasattr(ssl, 'PROTOCOL_TLSv1_3'):
+ supportedprotocols.add('tls1.3')
try:
# ssl.SSLContext was added in 2.7.9 and presence indicates modern
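Review bot: The new `util.safehasattr(ssl, 'PROTOCOL_TLSv1_3')` probe looks like it can never succeed, because Python's ssl module defines no per-version `PROTOCOL_TLSv1_3` constant; TLS 1.3 availability is reported through `ssl.HAS_TLSv1_3` instead. As written, `'tls1.3'` would never enter `supportedprotocols`. The `serverexactprotocol` branch in the `@@ -537` hunk would therefore always abort with "TLS 1.3 not supported by this Python" (and its `ssl.PROTOCOL_TLSv1_3` assignment would raise AttributeError if it were ever reached), and the new `has_tls1_3` check in tests/hghave.py would always report false. I would probe with `if getattr(ssl, 'HAS_TLSv1_3', False):` and have the server branch pin the version with the `OP_NO_TLSv1*` options on a `PROTOCOL_SSLv23` context rather than with a protocol constant. The `try:` block at the end of this hunk continues outside it.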
@@ -289,7 +292,7 @@
# Despite its name, PROTOCOL_SSLv23 selects the highest protocol
# that both ends support, including TLS protocols. On legacy stacks,
# the highest it likely goes is TLS 1.0. On modern stacks, it can
- # support TLS 1.2.
+ # support TLS 1.2 or 1.3.
#
# The PROTOCOL_TLSv* constants select a specific TLS version
# only (as opposed to multiple versions). So the method for
@@ -319,6 +322,8 @@
options |= ssl.OP_NO_TLSv1
elif protocol == 'tls1.2':
options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+ elif protocol == 'tls1.3':
+ options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
else:
raise error.Abort(_('this should not happen'))
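Review bot: The new `tls1.3` branch disables TLS 1.0–1.2 without first confirming that the linked OpenSSL can negotiate TLS 1.3, so on an older stack the context would be left with no usable protocol version and the user would see only an opaque handshake failure. Nothing visible in this hunk consults `supportedprotocols`, and the validation outside the hunk may only test membership in the configuration set. If so, add `if 'tls1.3' not in supportedprotocols: raise error.Abort(_('TLS 1.3 not supported by this Python'))` before setting the options, mirroring the server-side branch. The enclosing function starts and ends outside this hunk.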
@@ -537,6 +542,10 @@
if 'tls1.2' not in supportedprotocols:
raise error.Abort(_('TLS 1.2 not supported by this Python'))
protocol = ssl.PROTOCOL_TLSv1_2
+ elif exactprotocol == 'tls1.3':
+ if 'tls1.3' not in supportedprotocols:
+ raise error.Abort(_('TLS 1.3 not supported by this Python'))
+ protocol = ssl.PROTOCOL_TLSv1_3
elif exactprotocol:
raise error.Abort(_('invalid value for serverexactprotocol: %s') %
exactprotocol)
diff -r 2d5d3033ff4e -r a47713f3cc05 tests/hghave.py
--- a/tests/hghave.py Thu Mar 15 11:19:16 2018 -0700
+++ b/tests/hghave.py Sun Mar 18 12:01:09 2018 +0400
@@ -523,6 +523,11 @@
from mercurial import sslutil
return 'tls1.2' in sslutil.supportedprotocols
+ at check("tls1.3", "TLS 1.3 protocol support")
+def has_tls1_3():
+ from mercurial import sslutil
+ return 'tls1.3' in sslutil.supportedprotocols
+
@check("windows", "Windows")
def has_windows():
return os.name == 'nt'