equal
deleted
inserted
replaced
98 |
98 |
99 # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like |
99 # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like |
100 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config |
100 # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config |
101 # options in case a legacy server is encountered. |
101 # options in case a legacy server is encountered. |
102 |
102 |
103 # setup.py checks that either TLS 1.1 or TLS 1.2 is present, so the |
103 # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following |
104 # following assert should not fail. |
104 # assert should not fail. |
105 assert supportedprotocols - {b'tls1.0'} |
105 assert supportedprotocols - {b'tls1.0'} |
106 defaultminimumprotocol = b'tls1.1' |
106 defaultminimumprotocol = b'tls1.1' |
107 |
107 |
108 key = b'minimumprotocol' |
108 key = b'minimumprotocol' |
109 minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |
109 minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol) |