Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/hgweb/server.py @ 12797:076bbbf0ba86 stable
hgweb: let HTTPS serve use more compatible and less secure encryption
PROTOCOL_SSLv3 on the server side doesn't work everywhere. Sometimes the client
reports "EOF occurred in violation of protocol" (for example on Mac and Solaris).
The more compatible PROTOCOL_SSLv23 is now used instead. It works but is less
"secure" for some OpenSSL versions as it can fall back to weak encryption.
| author | Mads Kiilerich <mads@kiilerich.com> |
|---|---|
| date | Thu, 21 Oct 2010 03:18:52 +0200 |
| parents | 763be3cd084a |
| children | 8fa83d7159eb |
comparison
equal
deleted
inserted
replaced
| 12796:bc69ba99e34b | 12797:076bbbf0ba86 |
|---|---|
| 225 import ssl | 225 import ssl |
| 226 ssl.wrap_socket | 226 ssl.wrap_socket |
| 227 except ImportError: | 227 except ImportError: |
| 228 raise util.Abort(_("SSL support is unavailable")) | 228 raise util.Abort(_("SSL support is unavailable")) |
| 229 httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True, | 229 httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True, |
| 230 certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3) | 230 certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv23) |
| 231 | 231 |
| 232 def setup(self): | 232 def setup(self): |
| 233 self.connection = self.request | 233 self.connection = self.request |
| 234 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) | 234 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize) |
| 235 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) | 235 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize) |