Mercurial > public > mercurial-scm > hg
comparison mercurial/sslutil.py @ 29617:2960ceee1948 stable
sslutil: allow TLS 1.0 when --insecure is used
--insecure is our psuedo-supported footgun for disabling connection
security.
The flag already disables CA verification. I think allowing the use of
TLS 1.0 when specified is appropriate.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Tue, 19 Jul 2016 20:16:51 -0700 |
| parents | 6cff2ac0ccb9 |
| children | fbf4adc0d8f2 |
comparison
equal
deleted
inserted
replaced
| 29616:3fde328d0913 | 29617:2960ceee1948 |
|---|---|
| 179 | 179 |
| 180 key = '%s:minimumprotocol' % hostname | 180 key = '%s:minimumprotocol' % hostname |
| 181 protocol = ui.config('hostsecurity', key, protocol) | 181 protocol = ui.config('hostsecurity', key, protocol) |
| 182 validateprotocol(protocol, key) | 182 validateprotocol(protocol, key) |
| 183 | 183 |
| 184 # If --insecure is used, we allow the use of TLS 1.0 despite config options. | |
| 185 # We always print a "connection security to %s is disabled..." message when | |
| 186 # --insecure is used. So no need to print anything more here. | |
| 187 if ui.insecureconnections: | |
| 188 protocol = 'tls1.0' | |
| 189 | |
| 184 s['protocol'], s['ctxoptions'] = protocolsettings(protocol) | 190 s['protocol'], s['ctxoptions'] = protocolsettings(protocol) |
| 185 | 191 |
| 186 ciphers = ui.config('hostsecurity', 'ciphers') | 192 ciphers = ui.config('hostsecurity', 'ciphers') |
| 187 ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers) | 193 ciphers = ui.config('hostsecurity', '%s:ciphers' % hostname, ciphers) |
| 188 s['ciphers'] = ciphers | 194 s['ciphers'] = ciphers |