mercurial/sslutil.py
changeset 44902 24d440e2fdbb
parent 44901 53b3baaadb64
child 45915 8f50dc096cf4
equal deleted inserted replaced
44901:53b3baaadb64 44902:24d440e2fdbb
    98 
    98 
    99     # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like
    99     # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like
   100     # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
   100     # BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
   101     # options in case a legacy server is encountered.
   101     # options in case a legacy server is encountered.
   102 
   102 
   103     # setup.py checks that either TLS 1.1 or TLS 1.2 is present, so the
   103     # setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
   104     # following assert should not fail.
   104     # assert should not fail.
   105     assert supportedprotocols - {b'tls1.0'}
   105     assert supportedprotocols - {b'tls1.0'}
   106     defaultminimumprotocol = b'tls1.1'
   106     defaultminimumprotocol = b'tls1.1'
   107 
   107 
   108     key = b'minimumprotocol'
   108     key = b'minimumprotocol'
   109     minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol)
   109     minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol)