Mercurial > public > mercurial-scm > hg-stable
comparison mercurial/sslutil.py @ 44956:941fef7523c7
sslutil: remove dead code (that failed if only TLS 1.0 is available)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
| author | Manuel Jacob <me@manueljacob.de> |
|---|---|
| date | Sun, 31 May 2020 22:31:49 +0200 |
| parents | 5921dc0d5c3a |
| children | d61c05450b37 |
comparison
equal
deleted
inserted
replaced
| 44955:4dcb2791beab | 44956:941fef7523c7 |
|---|---|
| 248 # | 248 # |
| 249 # The PROTOCOL_TLSv* constants select a specific TLS version | 249 # The PROTOCOL_TLSv* constants select a specific TLS version |
| 250 # only (as opposed to multiple versions). So the method for | 250 # only (as opposed to multiple versions). So the method for |
| 251 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and | 251 # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and |
| 252 # disable protocols via SSLContext.options and OP_NO_* constants. | 252 # disable protocols via SSLContext.options and OP_NO_* constants. |
| 253 if supportedprotocols == {b'tls1.0'}: | |
| 254 if minimumprotocol != b'tls1.0': | |
| 255 raise error.Abort( | |
| 256 _(b'current Python does not support protocol setting %s') | |
| 257 % minimumprotocol, | |
| 258 hint=_( | |
| 259 b'upgrade Python or disable setting since ' | |
| 260 b'only TLS 1.0 is supported' | |
| 261 ), | |
| 262 ) | |
| 263 | |
| 264 return ssl.PROTOCOL_TLSv1, 0 | |
| 265 | 253 |
| 266 # SSLv2 and SSLv3 are broken. We ban them outright. | 254 # SSLv2 and SSLv3 are broken. We ban them outright. |
| 267 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | 255 options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 |
| 268 | 256 |
| 269 if minimumprotocol == b'tls1.0': | 257 if minimumprotocol == b'tls1.0': |